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Abstract 

The  intended  meaning  of  intuitionistic  logic  is  given  by  the  Brouwer-Hey  ting-Kolmogorov 
(BHK)  semantics  which  informally  defines  intuitionistic  truth  as  provability  and  specifies 
the  intuitionistic  connectives  via  operations  on  proofs.  The  natural  problem  of  formalizing 
the  BHK  semantics  and  establishing  the  completeness  of  propositional  intuitionistic  logic 
Xnt  with  respect  to  this  semantics  remained  open  until  recently.  This  question  turned 
out  to  be  a  part  of  the  more  general  problem  of  the  intended  semantics  for  Godel’s  modal 

*  logic  of  provability  Si  with  the  atoms  “F  is  provable”  which  was  open  since  1933.  In  this 
paper  we  present  complete  solutions  to  both  of  these  problems. 

We  find  the  logic  of  explicit  provability  (CP)  with  the  atoms  “t  is  a  proof  of  J F”  and 

*  establish  that  every  theorem  of  Si  admits  a  reading  in  CP  as  the  statement  about  explicit 
provability.  This  provides  the  adequate  provability  semantics  for  Si  along  the  lines  of  a 
suggestion  made  by  Godel  in  1938.  The  explicit  provability  reading  of  GodePs  embedding 
of  Xnt  into  Si  gives  the  desired  formalization  of  the  BHK  semantics:  Xnt  is  shown  to 
be  complete  with  respect  to  this  semantics.  In  addition,  CP  has  revealed  the  relationship 
between  proofs  and  types,  and  subsumes  the  A-calculus,  modal  A-calculus  and  combinatory 
logic. 


1  Intended  provability  semantics  for  intuitionistic  logic 

According  to  Brouwer,  intuitionistic  truth  means  provability:  “a  statement  is  true  if  we  have  a 
proof  of  it,  and  false  if  we  can  show  that  the  assumption  that  there  is  a  proof  for  the  statement 
leads  to  a  contradiction”  ([72],  p.4).  This  semantics  is  implicit  in  some  of  Brouwer’s  papers, 
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e.g.  [16].  In  1930  A.  Heyting  suggested  the  axiom  system  Xnt  for  intuitionistic  logic  ([28])1. 
In  1931-34  Heyting  and  Kolmogorov  made  Brouwer’s  definition  of  intuitionistic  truth  explicit, 
though  informal,  by  introducing  what  is  now  known  as  Brouwer-Heyting-Kolmogorov  (BHK) 
semantics.  BHK  semantics  is  widely  recognized  as  the  intended  semantics  for  intuitionistic 
logic  ([18], [19], [20], [24], [37], [47], [50], [72], [73], [74], [75], [76]).  BHK  semantics  gives  an  informal 
explanation  of  the  truth  of  intuitionistic  connectives.  A  statement  is  true  if  it  has  a  proof,  and 
a  proof  of  a  logically  compound  statement  is  given  in  terms  of  the  proofs  of  its  components. 
The  description  uses  the  unexplained  primitive  notions  of  construction  and  proof. 

•  A  proof  of  a  proposition  AAB  consists  of  a  proof  of  A  and  a  proof  of  B, 

•  a  proof  of  AVB  is  given  by  presenting  either  a  proof  of  A  or  a  proof  of  B, 

•  a  proof  of  A  -4  B  is  a  construction  which,  given  a  proof  of  A  returns  a  proof  of  B, 

•  absurdity  _L  is  a  proposition  which  has  no  proof  and  a  proof  of  -i A  is  a  construction 
which,  given  a  proof  of  A,  would  return  a  proof  of  _L. 

This  semantics  was  partially  introduced  by  Heyting  [29]  (clauses  for  conjunction  and  disjunc¬ 
tion),  and  by  Kolmogorov  [34]  (clauses  for  implication  and  negation).  The  above  formulation 
of  BHK  semantics  appeared  in  [30].  For  further  comments  one  may  consult  [18], [20], [24], 
[69], [72], [73], [74]. 

The  natural  problem  of  formalizing  BHK  semantics  and  establishing  the  completeness  of 
*  Xnt  with  respect  to  this  semantics  remained  open  until  recently  despite  a  long  history  of 

studies  in  this  area  (see  section  3  of  this  paper). 

To  be  sure,  there  are  many  models  of  different  natures  known  for  Xnt.  A  semantics 
for  Xnt  is  adequate  if  Xnt  is  (sound  and)  complete  with  respect  to  this  semantics. 

A  number  of  adequate  semantics  for  intuitionistic  logic  have  been  found:  alge¬ 
braic  (Birkhof,  [11]),  topological  (McKinsey-Tarski,  [48]),  Kripke  semantics  ([41]), 
and  some  others.  Algebraic  models  for  Xnt  are  given  by  pseudo-boolean  algebras, 
which  generalizes  the  boolean  algebra  semantics  of  classical  logic.  Topological 
semantics  for  Xnt  is  similar  to  set-theoretical  semantics  for  classical  logic.  In  a 
given  topological  space  propositional  variables  are  evaluated  by  arbitrary  subsets, 
conjunction  and  disjunction  operate  in  the  usual  set-theoretical  manner,  while  in¬ 
tuitionistic  implication  and  negation  operate  as  classical  implication  and  negation 
followed  by  the  interior  operation.  Kripke  model  for  Xnt  is  a  collection  of  the  usual 
0  —  1  evaluations  of  atomic  propositions  ( possible  worlds)  connected  by  a  reflexive 
and  transitive  binary  accessibility  relation  and  satisfying  knowledge  preservation 

lThe  name  Xnt  will  signify  propositional  intuitionistic  logic. 
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principle :  if  a  statement  holds  in  some  world,  then  it  also  holds  in  all  the  worlds 
accessible  from  the  given  one.  Again,  in  every  world  the  truth  of  conjunction  or 
disjunction  is  determined  according  to  the  usual  classical  truth  tables.  Implication 
or  negation  is  true  in  a  world  iff  it  is  true  classically  in  every  world  accessible  from 
the  given  one.  Comprehensive  surveys  of  these  and  other  semantics  for  intuition- 
istic  logic  can  be  found  in  [18], [61], [72]. 

BHK  semantics  gave  rise  to  intensive  studies  of  constructive  semantics  for  intuitionistic  the¬ 
ories,  first  of  all  realizability.  The  basic  notions  of  realizability  were  defined  along  the  lines 
of  BHK  clauses  with  different  constructive  objects  instead  of  proofs:  computable  functions 
and  their  codes  (e.g.  in  [32], [33]),  computable  operations  of  higher  types  (e.g.  in  [38]),  partial 
recursive  operations  (e.g.  in  [21], [22]),  etc.  For  the  references  one  may  consult  recent  surveys 
on  realizability  and  constructive  semantics  [8], [71]. 

Note  that  the  standard  realizability  semantics  for  Xnt  is  not  adequate.  First  of  all, 
following  Kleene  ([32])  one  should  distinguish  between  intuitionistic  and  classical 
understanding  of  realizability  semantics  for  intuitionistic  theories.  Intuitionistic 
realizability  enjoys  some  nice  completeness  properties  but  does  not  provide  an 
independent  semantics  for  Xnt.  For  example,  as  follows  from  [58],  a  formula  F 
is  provable  in  intuitionistic  predicate  logic  iff  all  arithmetical  instances  of  F  are 
provably  realizable  in  a  certain  extension  HA+  of  intuitionistic  arithmetic.  Such 
a  result  relates  Xnt  with  a  formal  theory  based  on  the  same  Xnt  and  thus  is  not 
intended  to  give  an  independent  semantics  for  the  latter.  On  the  other  hand,  clas¬ 
sical  realizabilities  (Kleene  realizability  [32],  function  realizability  [33],  modified 
realizability  [38],  Medvedev’s  calculus  of  finite  problems  [50]  and  its  variants),  give 
conditions  necessary  but  not  sufficient  for  Xraf(cf.[18],[71],[74],[75]). 

It  turned  out  that  the  natural  deduction  proofs  for  Xnt  can  be  transliterated  by  the  Curry- 
Howard  isomorphism  into  the  language  of  typed  A-terms  (see,  for  example,  [24], [20], [72]).  The 
inductive  definition  of  the  Curry-Howard  isomorphism  goes  along  the  lines  of  BHK  clauses, 
where  A-terms  play  the  role  of  BHK  proofs.  Though  very  important  for  establishing  connec¬ 
tions  between  derivations/formulas  of  Xnt  and  terms/types  in  A-calculus,  a  Curry-Howard 
presentation  does  not  give  an  independent  semantical  characterization  for  Xnt.  Indeed,  un¬ 
der  this  presentation  the  realization  of  a  sentence  is  modulo  to  isomorphism  a  derivation  of 
this  sentence  in  the  same  Xnt.  Loosely  speaking,  from  the  BHK  semantics  perspective,  the 
Curry-Howard  isomorphism  provides  a  trivial  solution:  a  formula  F  is  true,  by  definition,  if 
F  is  derivable  in  Xnt. 


V 


2  Classical  vs.  intuitionistic  BHK  semantics 

Despite  strong  similarities  between  Heyting’s  and  Kolmogorov’s  descriptions  of  the  provability 
semantics  for  Xnt,  their  approaches  had  fundamentally  different  objectives. 

Heyting  explained  propositional  intuitionistic  logic  Xnt  in  terms  of  the  intuitionistic  under¬ 
standing  of  constructions  and  proofs.  His  semantics  gives  a  partial  analysis  of  the  intuitionistic 
meaning  of  a  statement  and  does  not  intend  to  provide  a  foundation  for  Xnt  independent  of 
the  intuitionistic  assumptions. 

Kolmogorov  in  [34]  intended  to  interpret  Xnt  on  the  basis  of  the  usual  mathematical  notion 
of  problem  solution  (e.g.,  proof),  and  thus  to  provide  a  definition  of  intuitionistic  logic  within 
classical  mathematics.  Kolmogorov  suggested  reading  Xnt  as  the  calculus  of  solvable  schemes 
of  problems.  The  basic  notions  of  Kolmogorov’s  interpretation  are  problems  and  problem 
solutions.  Each  proposition  denotes  a  problem.  Solutions  of  the  compound  problems  are 
described  in  terms  of  the  solutions  of  their  components  along  the  lines  of  the  BHK  clauses 
above  (reading  “proof”  as  “solution”).  A  problem  scheme  A (p)  is  solved ,  if  there  exists  a 
general  method  of  solving  the  problem  A  for  any  particular  choice  of  the  problems  p  and 
their  solutions.  Kolmogorov  noticed  that  all  axioms  of  the  Heyting  calculus  for  propositional 
intuitionistic  logic  Xnt  stood  for  the  solved  problem  schemes,  the  rules  preserved  the  property 
of  a  scheme  being  solved,  and  thus  all  schemes  derived  in  Xnt  were  solved.  Kolmogorov  also 
assumed  implicitly  that  all  such  schemes  could  be  derived  from  the  Heyting  axioms  for  Xnt 
and  therefore  Xnt  was  the  calculus  of  the  solved  problem  schemes.  In  his  comments  [35]  of 
1985  Kolmogorov  elaborates: 

“The  paper  [34]  was  written  in  a  hope  that  the  logic  of  solutions  of  problems 
would  eventually  become  a  permanent  part  of  a  logic  course.  It  was  supposed  to 
create  a  unified  logical  technique  dealing  with  two  types  of  objects:  statements 
and  problems.”2 

This  difference  between  the  Heyting  and  Kolmogorov  semantics  for  Xnt  was  acknowledged  by 
Heyting  himself  in  [30].  A.  Troelstra  in  [70]  characterized  Kolmogorov’s  interpretation  of  Xnt 
as  “meaningful  independently  of  intuitionistic  bias.” 

Since  the  authors  of  the  name  UBHK  semantics ”  were  apparently  aware  of  the  differences 
between  the  Heyting  and  Kolmogorov  approaches,  we  do  not  suggest  changing  this  well  es¬ 
tablished  name.  However,  for  the  purposes  of  formalization  of  BHK  semantics  it  is  important 
to  distinguish  between  classical  and  intuitionistic  interpretations  of  BHK  clauses.  We  suggest 
the  name  classical  BHK  semantics  for  the  former  and  intuitionistic  BHK  semantics  for  the 
latter.  Thus,  Kolmogorov’s  reading  of  Xnt  as  the  logic  of  problem  solutions  may  be  considered 
classical  BHK  semantics. 

2 Translated  from  Russian  by  SA. 
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A  mathematical  explication  of  intuitionistic  BHK  semantics  would  depend  on  a  choice  of 
intuitionistic  theory  to  take  BHK  proofs  from.  Eventually,  it  would  lead  to  an  interpretation 
of  In t  in  a  system  based  on  Int  and  presumably  more  complicated  than  Int.  Such  a  semantics 
could  not  provide  an  independent  foundation  for  intuitionistic  logic.  We  will  not  address  the 
issue  of  intuitionistic  BHK  semantics  in  this  paper. 

We  demonstrate  that  classical  BHK  semantics,  in  turn,  admits  an  exact  mathematical 
formalization,  which  indeed  provides  an  adequate  semantics  for  Int  on  the  basis  of  the  usual 
classical  notion  of  proof. 

3  Semantics  of  Xnt  via  modal  provability  logic 

Probably  the  first  paper  on  formal  provability  semantics  for  intuitionistic  logic  was  written 
in  1928  by  Orlov  ([57]).  He  introduced  a  unary  logical  connective  (we  call  this  connective  □, 
for  the  sake  of  notational  uniformity)  with  the  informal  reading  of  OF  as  “F  is  provable”. 
Orlov  suggested  prefixing  all  subformulas  of  a  given  propositional  intuitionistic  formula  by  □, 
and  understanding  the  logical  connectives  in  the  usual  classical  way.  Orlov’s  modal  axioms 
for  provability  coincide  with  the  ones  for  the  modal  logic  54,  which  was  later  recognized  as 
the  modal  logic  for  provability  ([25]).  Orlov  used  a  certain  proper  fragment  of  classical  logic 
in  the  background,  thus  making  his  system  weaker  than  54.  Nevertheless,  he  succeeded  in 
deducing  a  number  of  properties  of  the  provability  operator  and  reproducing  some  basic  laws 
of  intuitionistic  logic,  e.g.  -> -i->a  <->•  ->a. 

Apparently  independent  of  [57],  Godel  in  1933  introduced  the  modal  logic  of  provability 
and  explicitly  defined  Int  in  this  logic.  Godel’s  provability  logic  has  the  same  modal  axioms 
and  rules  as  the  one  from  [57],  i.e. 

•  OF-*F, 

•  □(F-+G)->(DF ->□£), 

•  DF-^DDF, 

•  Fh  OF  (necessitation  rule), 

admits  all  axioms  and  rules  of  classical  logic,  and  therefore  coincides  with  the  classical  modal 
logic  54.  Godel  considered  the  translation  t(F)  of  an  intuitionistic  formula  F  into  the  classical 
modal  language  similar  to  the  one  from  [57]:  “box  each  subformula  of  F”.  Godel  established 
that 

Int  1-  F  =>  54 1-  t(F), 
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thus  providing  an  exact  reading  of  th elnt  formulas  as  statements  about  provability  in  classical 
mathematics.  He  conjectured  that  the  inverse  4=  also  holds.  This  conjecture  was  eventually 
established  in  [49]. 

However,  the  ultimate  goal  of  defining  Int  via  the  notion  of  a  proof  in  classical  math¬ 
ematics  had  not  been  achieved  because  <54  was  left  without  an  exact  intended  semantics  of 
the  provability  operator  □.  Godel  himself  was  the  first  who  addressed  the  issue  of  provability 
semantics  for  <54  ([25],  cf.[70]).  He  pointed  out  that  the  straightforward  reading  of  DF  as  “F 
is  provable  in  a  certain  formal  system”  contradicted  his  incompleteness  theorem. 

Let  us  consider  first  order  arithmetic  VA.  Let  _L  be  the  boolean  constant  false] 
then  the  54-axiom  corresponds  to  the  statement  Consis  VA,  expressing 

consistency  of  VA.  By  necessitation,  <54  derives  JL).  The  latter  formula 

expresses  the  assertion  that  Consis  VA  is  provable  in  VA,  which  is  false  according 
to  the  second  Godel  incompleteness  theorem. 

In  [26]  (cf.[59])  Godel  again  acknowledged  the  problem  of  the  provability  semantics  for  <54. 
This  issue  was  also  addressed  by  Lemmon  [44],  Myhill  [55], [56],  Kripke  [40],  Montague  [54], 
Mints  [52],  Kuznetsov  &  Muravitsky  [43],  Goldblatt  [27],  Boolos  [12], [14]  Shapiro  [62], [63], 
Buss  [17],  Artemov  [1],  and  many  others.  However,  the  problem  of  finding  an  adequate 
provability  semantics  for  <54  has  remained  open. 

A  principal  difficulty  here  is  caused  by  the  existential  quantifier  over  proofs  in  the  prov¬ 
ability  formula  Provable(y),  which  is  3x Proof  (x,  y),  where  Proof  (x,y)  is  the  standard  arith¬ 
metical  formula  saying  ux  is  the  code  of  a  proof  of  a  formula  with  the  code  y” .  The  formula 
Provable  (y)  may  be  characterized  as  the  implicit  provability  operator,  since  in  a  model  of 
arithmetic  Provable (F)  does  not  always  guarantee  the  existence  of  a  proof  of  F.  Indeed,  in 
a  given  model  of  VA  an  element  that  instantiates  the  existential  quantifier  in  3a '.Proof  (x,  F ) 
may  be  nonstandard.  In  this  case  3 xProof  {x,F)  (i.e.  Provable [F))  is  true  in  the  model,  but 
there  is  no  “real”  7M-derivation  behind  such  an  x.  This  explains  why  the  reflection  principle 
Provable (F)  — > F  is  not  derivable  in  VA'.  the  formula  Provable(F)  does  not  necessarily  deliver 
a  “real”  proof  of  F. 

This  consideration  suggests  the  idea  of  introducing  a  kind  of  explicit  provability  logic 
by  switching  from  the  formulas  3xFroo/(a:,F)  to  the  formulas  Proof (t,F)  and  replacing  the 
existential  quantifier  on  proofs  in  the  former  by  Skolem  style  operations  on  proofs  in  the 
latter.  The  usual  Skolem  technique,  however,  does  not  work  here,  since  there  are  no  uniform 
commutation  laws  for  the  quantifiers  and  the  provability  operator. 

Some  of  these  operations  appeared  in  the  proof  of  Godel’s  second  incompleteness 
theorem.  Within  that  proof  (cf.[12],[14]),[51],[65])  in  order  to  establish  what  are 
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now  known  as  Hilbert-Bernays-Lob  derivability  conditions  one  constructs  com¬ 
putable  functions  m(x,y)  and  c(x)  such  that 

VA  I-  Proof  (s,  F-i-G)  A  Proof  (t,  F)  ->  Proof  (m(s,t),G), 

VA  H  Proof  (t,  F )  -4  Proof  (c(t),  Proof  (t,  F)). 

Then  those  facts  are  relaxed  to  their  simplified  versions 

VA  h  Provable  (F  -4  G)  A  Provable  (F)  -4  Provable  (G) , 

VA  h  Provable (F)  -4  Provable  (Provable  (F)), 
sufficient  to  establish  the  incompleteness  theorem. 

In  one  of  his  lectures  [26]  in  1938  (first  published  in  1995,  see  also  [59])  Godel  sketched  an 
explicit  version  of  54  3  with  the  basic  proposition  “t  is  a  proof  of  F”  and  operations  similar  to 
m(x,y)  and  c(*).  Although  this  sketch  does  not  contain  exact  definitions,  it  shows  the  way 
to  explain  the  reflexivity  principle  for  provability  logic,  which  was  the  major  difficulty  in  54. 

Godel’s  proposal  generalized  the  problem  of  formalization  of  classical  BHK  semantics  for 
Int  to  the  problem  of  building  an  explicit  provability  logic:  presumably,  the  former  was 
derivable  from  the  latter.  The  questions  about  an  appropriate  language  and  a  complete  set 
of  axioms  for  explicit  provability  logic,  as  well  as  the  question  about  its  ability  to  realize  Int 
and  54  had  remained  open. 

Kreisel  in  [37], [39]  (apparently  without  knowledge  of  [26])  developed  a  formal  theory  of 
constructions  with  a  basic  predicate  like  Godel’s  “t  is  a  proof  of  F”,  but  with  only  partial 
success  (cf .  [5 9] ,  [72] ,  [7 6] ) . 

In  this  paper  we  present  a  recent  solution  of  the  following  problems,  discussed  above. 

1.  To  give  the  intended  semantics  and  to  find  a  complete  axiom  system  for  the  explicit 
provability  logic  sketched  by  Godel  in  1938  ([26]). 

We  consider  the  logical  language  in  GodePs  format  “t  is  a  proof  of  F"  and  give  its  exact 
provability  semantics.  We  demonstrate  that  one  more  operation  should  be  added  to  GodePs 
sketch  of  the  explicit  provability  logic  in  order  to  enable  it  to  emulate  the  entirety  of  54.  We 
call  the  resulting  system  the  Logic  of  Proofs  (CP)4.  Here  we  establish  the  soundness  and 
completeness  of  CP  with  respect  to  the  intended  provability  semantics  (Theorem  7.1). 

3  Godel’s  sketch  was  rather  clear  about  the  propositioned  principles  of  explicit  provability  logic.  It  also 
mentioned  possible  principles  involving  the  first  order  quantifiers,  but  was  not  specific  on  this  matter.  We 
consider  the  propositional  part  of  GodePs  sketch  only. 

4  CP  was  found  by  the  author  independently  of  GodePs  paper  [26].  The  first  presentations  of  CP  took  place 
at  the  author’s  talks  at  the  conferences  in  Munster  and  Amsterdam  in  1994.  Preliminary  versions  of  CP  along 
with  the  completeness  theorem  and  realization  of  Si  in  CP  appeared  in  Technical  Reports  [4],  [6],  cf.  also  a 
survey  [31].  Note  that  despite  its  title  the  paper  [3]  does  not  introduce  CP. 
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2.  To  find  an  adequate  provability  semantics  for  the  Godel  provability  logic  54  ([25]). 

We  establish  that  CP  realizes  all  of  54  by  assigning  proof  terms  to  the  modalities  in  every 
54-derivation  (Theorem  8.2).  This  gives  an  adequate  provability  model  for  <S4  along  the  lines 
of  Godel’s  suggestion  in  [26]. 

3.  To  formalize  the  classical  BHK  semantics  for  Int  and  to  establish  the  completeness  of 
intuitionistic  logic  with  respect  to  this  semantics. 

We  consider  two  realizations  of  Int  in  CP.  The  first  one  is  defined  by  Godel’s  translation 
of  intuitionistic  formulas  into  modal  language  “box  all  subformulas”,  with  the  subsequent 
realization  in  CP.  The  second  one  is  the  McKinsey-Tarski  translation  (“box  all  atoms  and 
implications”)  followed  by  the  realization  in  CP.  Each  of  those  two  semantics  is  established 
to  be  adequate  for  intuitionistic  propositional  logic.  This  confirms  Kolmogorov’s  assumption 
of  1932  that  intuitionistic  logic  Int  coincides  with  the  calculus  of  solutions  to  problems  in 
classical  mathematics.  CP  may  be  considered  as  the  “unified  logical  technique  dealing  with 
two  types  of  objects:  statements  and  problems”  meant  by  Kolmogorov  in  1932  ([34], [35]). 
This  also  achieves  the  original  objective  of  Godel  (1933)  to  define  Int  via  the  classical  notion 
of  proof. 

CV  provides  a  provability  semantics  for  certain  areas  of  logic  and  applications  where  main 
objects  have  had  informal  provability  interpretations.  For  example,  CP  may  be  considered 
as  a  generalization  of  combinatory  logic  in  that  it  is  able  to  iterate  the  type  assignment 
In  particular,  CP  can  express  the  propositions  of  the  form  t:(s:F),  which  are  outside  the 
scope  of  the  usual  combinatory  logic.  CP  naturally  contains  the  defined  abstraction  operator 
A*x  which  is  an  extension  of  the  defined  A-abstraction  operator  X*x  in  combinatory  logic 
(cf.[73]).  This  generalizes  the  Curry-Howard  presentation  of  intuitionistic  proofs  as  typed 
A-terms.  Moreover,  through  realizations  in  CP  both  modality  and  A-terms  receive  a  uniform 
provability  semantics  and  thus  may  be  treated  as  the  objects  of  the  same  nature,  namely  proof 
terms. 

4  Logic  of  Proofs 


4.1  Definition.  The  language  of  Logic  of  Proofs  (CP)  contains 

the  usual  language  of  classical  propositional  logic 
proof  variables  x0, . . . ,  xn, . . .,  proof  constants  oo, . . . ,  an, . . . 
function  symbols:  monadic  !,  binary  •  and  + 
operator  symbol  of  the  type  “ term  :  formula ” . 
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We  will  use  o,  6,  c, . . .  for  proof  constants,  u,  v,  w,  x,y,z,. ..  for  proof  variables,  i,  j,  k,  l ,  m,  n 
for  natural  numbers.  Terms  are  defined  by  the  grammar 

p  ::=  Xi  |  a,i  |  \p  |  Pi  -P2  |  Pi  +P2 

We  call  these  terms  proof  polynomials  and  denote  them  by  p,r,s,t. . ..  By  analogy  we  refer  to 
constants  as  coefficients.  Constants  correspond  to  proofs  of  a  finite  fixed  set  of  propositional 
schemas.  We  will  also  omit  •  whenever  it  is  safe.  We  also  assume  that  (a  ■  b  •  c),  (a  •  b  •  c  •  d), 
etc.  should  be  read  as  ((a  ■  b)  •  c),  (((a  •  b)  •  c)  •  d),  etc. 

Using  t  to  stand  for  any  term  and  5  for  any  propositional  letter,  the  formulas  are  defined 
by  the  grammar 

<r  ::=  5  |  — Y&2  I  0iA<72  |  <riVo-2  j  -»<r  |  tier 

We  wall  use  A,B,C,F,G,H,X,Y,Z  for  the  formulas  in  this  language,  and  T,  A, ...  for  the 
finite  sets  (also  finite  multisets,  or  finite  lists)  of  formulas  unless  otherwise  explicitly  stated. 
We  will  also  use  x,y,z,...  and  p,r,s,...  for  vectors  of  proof  variables  and  proof  polynomials 
respectively.  If  s  —  (slt . . .,  sn)  and  T  =  (Fj, . . . ,  Fn),  then  s: T  denotes  (sj  :Fi, . . .,  sn :  Fn), 
Vr  =  FxV...V  Fn,  f\ T  =  Fx A  . . .  A  Fn.  We  assume  the  following  precedences  from  highest 
to  lowest:  !,  •,  +, :,  -i,  A,  V,  -4.  We  will  use  the  symbol  =  in  different  situations,  both  formal 
and  informal.  Symbol  =  denotes  syntactical  identity,  rE~'  is  the  Godel  number  of  E. 

The  intended  semantics  for  p :  F  is  “p  is  a  proof  of  F” ,  which  will  be  formalized  in  the 
next  section.  Note  that  proof  systems  which  provide  a  formal  semantics  for  piF  are  multi¬ 
conclusion  ones,  i.e.  p  may  be  a  proof  of  several  different  F’s  (see  Comment  4.8). 


4.2  Definition.  The  system  CPq.  Axioms: 

AO.  Finite  set  of  axiom  schemes  of  classical  propositional  logic  in  the  language  of  CP 


Al.  t:F  — ►  F 

A2.  t:(F  — y  (?)  — >■  (s:F  — ^  (t*®)  ‘G) 

AS.  tzF  -y  lt:(t:F) 

A4.  s:F -y  (s+t):F,  t:F-y(s+t):F 

Rule  of  inference: 


“verification” 
“application” 
“proof  checker” 
“choice” 


Rl.  G 

The  system  CP  is  CPq  plus  the  rule 


“modus  ponens”. 


R2.  c:  A 

if  A  is  an  axiom  AO  -  A4,  and  c  a  proof  constant  “axiom  necessitation”. 
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A  Constant  Specification  (CS )  is  a  finite  set  of  formulas  Ci  :  A\ , . . . ,  cn  :  An  such  that  c;  is 
a  constant,  and  A,-  an  axiom  AO  -  A4.  Each  derivation  in  CP  naturally  generates  the  CS 
consisting  of  all  formulas  introduced  in  this  derivation  by  the  axiom  necessitation  rule. 


4.3  Comment.  Proof  constants  in  CP  stand  for  proofs  of  “simple  facts”,  namely  propo¬ 

sitional  axioms  and  axioms  A1  -  Af.  In  a  way  the  proof  constants  resemble  atomic  con¬ 
stant  terms  ( combinators )  of  typed  combinatory  logic  (cf.[73j).  A  constant  c\  specified  as 
ci :  (A  — ►  (B  A))  can  be  identified  with  the  combinator  \tA'B  of  the  type  A  — V  (B  — >  A). 
A  constant  c2  such  that  c2  :  [(A  -*  (B  C))  -»  ((A  -»■  B)  -4  (A  ->•  C))]  corresponds  to  the 
combinator  sA'B’c  of  the  type  (A-t(B-tC))  ((A->  B) -►  (A-*C)).  The  proof  variables 

may  be  regarded  as  term  variables  of  combinatory  logic,  the  operation  as  the  application 
of  terms.  In  general  an  £P-formula  t :  F  can  be  read  as  a  combinatory  term  t  of  the  type 
F.  Typed  combinatory  logic  CL-,,  thus  corresponds  to  a  fragment  of  CP  consisting  only  of 
formulas  of  the  sort  t :  F  where  t  contains  no  operations  other  than  and  F  is  a  formula 
built  from  the  propositional  letters  by  only. 

There  is  no  restriction  on  the  choice  of  a  constant  c  in  R2  within  a  given  derivation.  In 
particular,  R2  allows  to  introduce  a  formula  c :  A(c),  or  to  specify  a  constant  several  times 
as  a  proof  of  different  axioms  from  AO  -  Af.  One  might  restrict  CP  to  injective  constant 
specifications,  i.e.  only  allowing  each  constant  to  serve  as  a  proof  of  a  single  axiom  A  within  a 
given  derivation  (although  allowing  constructions  c:  A(c),  as  before).  Such  a  restriction  would 
not  change  the  ability  of  CP  to  emulate  classical  modal  logic,  or  the  functional  and  arithmetical 
completeness  theorems  for  CP  (below),  though  it  will  provoke  an  excessive  renaming  of  the 
constants. 

Both  CPq  and  CP  enjoy  the  deduction  theorem 

T,  A  t-  B  =*►  Tl-A->-B, 

and  the  substitution  lemma:  IfT(x,  P)  h  B(x,P )  for  a  propositional  variable  P  and  a  proof 
variable  x,  then  for  any  proof  polynomial  t  and  any  formula  F 

T(x/t,P/F)\-B(x/t,P/F). 

For  a  given  constant  specification  CS  under  CP<£S)  we  mean  CPq  plus  CS.  Obviously, 

F  is  derivable  in  CP  with  a  constant  specification  CS  CP(£S)  hF  »  CPq  h  f\CS  — ^  F. 

4.4  Proposition.  (Lifting  lemma)  Given  a  derivation  V  of  the  type 

s:  f,  A  \-£p  F, 
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one  can  construct  a  proof  polynomial  t(x,  y)  such  that 


s:T,y:A\~£p  t(s,y):F. 


Proof.  By  induction  on  the  derivation  s:T,Ah  F.  If  F  =  S{ :  G,  €  s:  T,  then  put  t  :=!sj 
and  use  A3.  If  F  —  Dj  6  A,  then  put  t  :=  yj.  If  F  is  an  axiom  AO  -  A4,  then  pick  a  fresh 
proof  constant  c  and  put  t  :=  c;  by  R2,  h  c:F.  Let  F  be  introduced  by  modus  ponens  from 
G  -¥  F  and  G.  Then,  by  the  induction  hypothesis,  there  are  proof  polynomials  u(s,  y)  and 
v(s,y)  such  that  u  :  (G  — )•  F)  and  v :  G  are  both  derivable  in  CP  from  s:T,y:  A.  By  A2, 
s:T,y:A  I-  (tit?)  :F,  and  we  put  t  :=  uv.  If  F  is  introduced  by  R2,  then  F  =  c:  A  for  some 
axiom  A.  Use  the  same  R2  followed  by  AS:  c:A  -*!c:c:  A,  to  get  s:T,y:  A  Hc:F,  and  put 
t  :=Ic. 

◄ 


Note  that  if  A  1 ~£p0  F,  then  one  can  construct  t(y)  which  is  a  product  of  proof  constants 
and  variables  from  y  such  that  y :  A  I ~£pQ  t(y) :  F.  It  is  easy  to  see  from  the  proof  that  the 
lifting  polynomial  t(x,y)  is  nothing  but  a  blueprint  of  T>.  Thus  CP  accommodates  its  own 
proofs  as  terms. 

4.5  Corollary.  (Necessitation  rule) 

F  =>■  h  p:F  for  some  proof  polynomial  p 

This  is  a  special  case  of  lifting.  It  follows  from  the  proof  of  lifting  Lemma  4.4  that  p  here  is 
a  blueprint  of  a  derivation  of  F  in  CP  that  is  implicitly  present  in  the  assertion  “I-  F”.  Note, 
that  p  is  a  ground  proof  polynomial  (i.e.  p  has  no  proof  variables),  which  does  not  contain 
‘+*. 

As  we  can  see  in  section  8  CP  suffices  to  emulate  all  <S4-derivations. 

4.6  Example.  <S4 1-  (DA  A  OB)  — >■  □(AAB) 

In  CP  the  corresponding  derivation  is 

1.  A — ^  (JB — ^AaB),  by  AO) 

2.  c:(A-+(B-¥AaB)),  from  1,  by  R2, 

3.  x:A-t(c  •  x) :  (B-}AaB),  from  2,  by  A2, 

4.  x:A-+(y:B— >(c  •  x  •  y):(AAB)),  from  3,  by  A2  and  propositional  logic, 

5.  x:AAy:B  — >■  (c  •  x  •  y) :  (AAB)),  from  4,  by  propositional  logic. 


4.7  Example.  <S4  I-  (OAVOB)  -¥  □(AVJ3). 
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In  CP  the  corresponding  derivation  is 

1.  A  — t  AVB,  B  -4  A\/B ,  by  AO, 

2.  a:(A  -4  A  V  B),  b:  (B  — t  A  V  B),  by  R2, 

3.  x:A  — >•  (o-i):(AvB),  y:B  -4  (b-y):(AvB),  from  2,  by  A2, 

4.  (a-®) :  ( AVB )  -4  (a-x+b-y) :  (AVB),  ( b-y ) :  (AVB)  -4  (a-x+b-y) :  (AVB),  by  A4, 

5.  (®  :A  V  y:B)  -4  ( a-x+b-y ) :  (AV.B),  from  4,  by  propositional  logic. 


4.8  Comment.  The  operations  and  “!”  are  present  for  single-conclusion  as  well  as  on 
multi-conclusion  proof  systems.  On  the  other  hand,  “+”  is  an  operation  for  multi-conclusion 
proof  systems  only.  Indeed,  by  A4  we  have  s:F  At:G  -4  (s+t) :  F  A  (s+t) :  G,  thus  s  +  t 
proves  different  formulas.  The  differences  between  single-conclusion  and  multi-conclusion 
proof  systems  are  mostly  cosmetic.  Usual  proof  systems  (Hilbert  or  Gentzen  style)  may 
be  considered  as  single-conclusion  if  one  assumes  that  a  proof  derives  only  the  end  formula 
(sequent)  of  a  proof  tree.  On  the  other  hand,  the  same  systems  may  be  regarded  as  multi¬ 
conclusion  by  assuming  that  a  proof  derives  all  formulas  assigned  to  the  nodes  of  the  proof 
tree.  The  logic  of  strictly  single-conclusion  proof  systems  was  studied  in  [2],  [3]  and  in  [42], 
where  it  meets  a  complete  axiomatization  (system  TCP).  TCP  is  not  compatible  with  any 
modal  logic  (cf.  Comment  8.5)  and  thus  is  not  directly  relevant  to  the  problem  of  finding 
an  intended  semantics  for  the  modal  logic  of  provability.  Therefore,  provability  as  a  modal 
operator  corresponds  to  multi-conclusion  proof  systems. 

No  single  operator  “t in  CP  is  a  normal  modality  since  none  of  them  satisfies  the  property 
t:(P—^Q)  — >■  (t :  P  -4 1 :  Q) .  This  makes  CP  essentially  different  from  numerous  polymodal 
logics,  e.g.  the  dynamic  logic  of  programs  ([36]),  where  the  modality  is  upgraded  by  some 
additional  features.  In  turn,  in  the  Logic  of  Proofs  the  modality  is  decomposed  into  a  family 
of  proof  polynomials  (see  section  8). 


5  Standard  provability  interpretation  of  CP 

The  Logic  of  Proofs  is  meant  to  play  for  the  notion  of  proof  a  role  similar  to  that  played  by 
the  boolean  propositional  logic  for  the  notion  of  statement.  It  is  shown  in  sections  5  and  7  of 
this  paper  that  CP  enjoys  the  soundness/completeness  property: 

CP  b  F  F  is  true  under  any  interpretation  . 

Any  system  of  proofs  with  a  proof  checker  operation  capable  of  internalizing  its  own  proofs  as 
terms  (cf.[66])  may  be  within  the  scope  of  CP.  In  particular,  any  proof  system  for  first  order 
Peano  Arithmetic  VA  (cf.[12],  [14],  [51],  [68])  provides  a  model  for  CP  with  Godel  numbers 
of  proofs  being  an  instrument  for  internalizing  proofs  as  terms.  The  soundness  (=^)  does 
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not  necessarily  refer  to  arithmetical  models.  However,  VA  is  convenient  for  establishing  the 
completeness  (<=)  of  CP:  given  CP\f  F  one  can  always  find  a  proof  system  for  VA  along  with 
an  evaluation  of  variables  in  F  which  makes  F  false  (Theorem  7.1). 

In  sections  5  and  7  of  this  paper  by  Ai  and  Ei  we  mean  the  corresponding  classes  of 
arithmetical  predicates.  We  will  use  to  denote  arithmetical  formulas,  /,#,  h  to  denote 
arithmetical  terms,  and  i,j,  to  denote  natural  numbers  unless  stated  otherwise.  We 
will  use  the  letters  u,  v,  in,  x,  y,  z  to  denote  individual  variables  in  arithmetic  and  hope  that 
a  reader  is  able  to  distinguish  them  from  the  proof  variables.  If  n  is  a  natural  number,  then 
n  will  denote  a  numeral  corresponding  to  n,  i.e.  a  standard  arithmetical  term  0///*"  where  ' 
is  a  successor  functional  symbol  and  the  number  of  7,s  equals  n.  We  will  use  the  simplified 
notation  n  for  a  numeral  n  when  it  is  safe. 

5.1  Definition.  We  assume  that  VA  contains  terms  for  all  primitive  recursive  functions 
(cf.  [68]),  called  primitive  recursive  terms .  Formulas  of  the  form  f(x)  =  0  where  f(x)  is  a 
primitive  recursive  term  are  standard  primitive  recursive  formulas .  A  standard  Ei  formula  is 
a  formula  3x<p(x,y)  where  <p(x,y)  is  a  standard  primitive  recursive  formula.  An  arithmetical 
formula  ip  is  provably  Ei  if  it  is  provably  equivalent  in  VA  to  a  standard  Ei  formula;  <p  is 
provably  Ai  iff  both  ip  and  -up  are  provably  Si. 


5.2  Definition.  A  proof  predicate  is  a  provably  Ai-formula  Pr/(x,y)  such  that  for  every 
arithmetical  sentence  ip 

VA  I-  ip  for  some  n£u>  Pr/(n,  r<p n)  holds5. 

A  proof  predicate  Prf(xfy)  is  normal  if  the  following  conditions  are  fulfilled: 

1)  (finiteness  of  proofs)  For  every  proof  k  the  set  T(k)  =  {/  |  Prf(k,l)}  is  finite.  The 
function  from  k  to  the  canonical  number  of  T(k)  is  computable. 

2)  ( conjoinability  of  proofs)  For  any  natural  numbers  k  and  l  there  is  a  natural  number  n 
such  that 

T(k)UT(l)  CT(n). 

The  conjoinability  indicates  that  normal  proof  predicates  are  multi-conclusion  ones. 


5.3  Comment.  Every  normal  proof  predicate  can  be  transformed  into  a  single-conclusion 
one  by  changing  from 

“p  proves  Fi , . . . ,  Fn”  to  “(p,  i)  proves  i  =  1, . . . ,  n” . 

5We  have  omitted  bars  over  numerals  for  natural  numbers  n,  ripm}  in  the  formula  Pr/and  will  do  it  consistently 
throughout  this  paper. 


13 


In  turn,  every  single-conclusion  proof  predicate  may  be  regarded  as  normal  multi-conclusion 
by  reading 

“p  proves  F\A  ...  AFn”  as  “p  proves  each  of  F,-,  i  = 


5.4  Proposition.  For  every  normal  proof  predicate  Prf  there  are  computable  functions 
m{x,  y),  a(x,  y),  c(x)  such  that  for  all  arithmetical  formulas  cp,  if)  and  all  natural  numbers  k,  n 
the  following  formulas  are  valid: 

Prf(k,r<p-+x()~l)  A  Prf(n,r<p~')-*Prf(m(k,n),r‘ip~l) 

Prf  {k,  V)  -*  Prf(a(k,  n), V),  Prf(n , «V)  -+  Prf(a(k,  n ) ,  «V) 

Prf(k,  r^)-^Prf(c(k)^Prf(k,  ‘VD- 

Proof.  The  following  function  can  be  taken  as  m: 

Given  k,n  set  m(k,n )  =  p,z.“Prf(z,rxpn)  for  all  if  such  that  there  are  r<p-+ip~'  £ 

T(k )  and  r<p~l  £  T(n)  ”  . 

Likewise,  for  a  one  could  take 

Given  k,  n  set  a(k,  n)  =  pz.  T (k)  U  T(n)  C  T(z)  ”. 

Finally,  c  may  be  given  by 

Given  k  set  c(fc)  =  pz.“Prf(z,rPrf(k,r<p~')~')  for  all  ryP  £  T(k)”.  Such  a  z 
always  exists.  Indeed,  Prf(k,ryP)  is  a  true  Aj  sentence  for  every  r yp  £  T(k), 
therefore  they  all  are  provable  in  PA.  Use  conjoinability  to  find  a  uniform  proof 
of  all  of  them. 


◄ 


Note  that  the  natural  arithmetical  proof  predicate  PROOF(x,y) 

“x  is  the  code  of  a  derivation  containing  a  formula  with  the  code  if ’ . 
is  an  example  of  a  normal  proof  predicate. 

5.5  Definition.  An  arithmetical  interpretation  *  of  the  £P-language  has  the  following 
parameters: 

•  a  normal  proof  predicate  Prf  with  the  functions  m(x,y),  a(x,y),  c(x)  as  in  Proposition 
5.4, 
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•  an  evaluation  of  propositional  letters  by  sentences  of  arithmetic,  and 

•  an  evaluation  of  proof  variables  and  proof  constants  by  natural  numbers. 

Let  *  commute  with  boolean  connectives, 

(*•«)*  =  («  +  «)*  =  o(i*,«*),  (!t)*  =  c(f), 

(t:F)*  =  Prf(F,n^). 

Under  an  interpretation  *  a  proof  polynomial  t  becomes  the  natural  number  £*,  an  £P-formula 
F  becomes  the  arithmetical  sentence  F*.  A  formula  ( t:F )*  is  always  provably  Ai.  Note  that 
VA  (as  well  as  any  theory  containing  a  certain  finite  set  of  arithmetical  axioms,  e.g.  Robinson’s 
arithmetic)  is  able  to  derive  any  true  Ai  sentence,  and  thus  to  derive  a  negation  of  any  false 
Aj  sentence  (cf.[51]).  For  a  set  X  of  £P-formulas  under  X*  we  mean  the  set  of  all  F*’s 
such  that  F  €  X.  Given  a  constant  specification  CS,  an  arithmetical  interpretation  *  is  a 
CS -interpretation  if  all  formulas  from  CS*  are  true  (equivalently,  are  provable  in  VA).  An 
jCP-formula  F  is  valid  (with  respect  to  the  arithmetical  semantics)  if  the  arithmetical  formula 
F*  is  true  under  all  interpretations  *.  F  is  CS-valid  if  F*  is  true  under  all  GS-interpretations 
*. 


5.6  Proposition.  (Arithmetical  soundness  of  CPq) 

1.  If  CPq  h  F  then  F  is  valid. 

2.  If  CPq  h  F  then  VA  I-  F*  for  any  interpretation  *. 

Proof.  A  straightforward  induction  on  the  derivation  in  CPq.  Let  us  check  2.  for  the  axiom 
t :  F  — ►  F.  Under  an  interpretation  *  (t:F  -¥  F)*  =  Prf  (t*  ,r  F*~*)  — >•  F*.  Consider  two 
possibilities.  Either  Prf(t*,rF*~l)  is  true,  in  which  case  t*  is  indeed  a  proof  of  F*,  thus 
VA  h  F*  and  VA  I-  (t:F  F)*.  Otherwise  Prf(t*,  rF*~[)  is  false,  in  which  case  being  a  false 
Ai  formula  it  is  refutable  in  VA,  i.e.  VA  I — Vrf(t*,rF*~')  and  again  VA  h  (t:F  -»  F)*. 

◄ 


5.7  Corollary.  (Arithmetical  soundness  of  CP) 

1.  If  CP  (CS)  1-  F  then  F  is  CS-valid. 

2.  If  CP  IQS)  \~  F  then  VA  h  F*  for  any  CS -interpretation  *. 


5.8  Comment.  The  standard  provability  semantics  for  CP  above  may  be  characterized  as 
a  call-by-value  semantics,  since  the  evaluation  F*  of  a  given  GP-formula  F  depends  upon  the 
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value  of  participating  functions.  A  call-by-name  provability  semantics  for  CP  was  introduced 
in  [4]  and  then  used  in  [42],  [64].  In  the  latter  semantics  F*  depends  upon  the  particular 
programs  for  the  functions  participating  in  *. 

In  order  to  define  the  call-by-name  provability  semantics  for  CP  we  assume  that  PA  has 
the  standard  set  of  tools  to  introduce  i-terms.  We  use  a  new  functional  symbol  Lz.ip(z)  for 
each  arithmetical  formula  <p(z)  and  assume  that  t-terms  could  be  eliminated  by  using  the 
small  scope  convention  (cf.[20]).  The  term  iz.<p(z )  is  called  computable  if  ip(z)  is  provably 
Si.  A  computable  term  represents  some  computable  function,  every  computable  function  is 
represented  by  a  computable  term  (cf.[51]). 

The  term  tz.(p(z)  is  provably  total  if  VA  I-  3i  z<p(z),  i.e.  PA  proves  that  there  exists  a 
unique  z  such  that  <p(z).  In  particular,  every  arithmetical  term  in  a  narrow  sense,  i.e.  a 
term  built  from  0  by  ',+,  x  may  be  regarded  as  a  provably  total  computable  term.  A  closed 
computable  term  is  a  computable  provably  total  term  iz.(p(z)  such  that  <p(z)  contains  no  free 
variables  other  than  z. 

The  set  of  computable  terms  is  closed  under  substitution.  The  result  of  substituting  a 
closed  computable  term  into  a  Ai  formula  is  again  a  Ax  formula.  Closed  computable  terms 
stand  for  all  computable  “names”  for  natural  numbers.  There  is  an  algorithm  which  for  any 
closed  computable  term  /  calculates  its  value,  i.e.  the  numeral  n  such  that  PA  f  =  n. 

An  analog  of  Proposition  5.4  can  be  established  that  for  every  normal  proof  predicate 
Prf  there  are  computable  terms  m(x,y),  a(x,  y),  c(x)  such  that  if  /,  g  are  closed  computable 
terms,  then  m(f,g),  a(f,g),  c(r f~*)  are  again  closed  computable  terms  and  for  all  arithmetical 
formulas  <p,  ib  the  following  formulas  are  valid: 

Prf(f,  r<P~>r)  A  Prf(g, r gP)  Prf  (m(f ,  g)^^) 

Prf  (/,  Prf  ( a{f ,  g),  rgP),  Prf  (g,  ■>'')  ->•  Prf(a(f,  g),  ry>"1) 

Prf(f,  V)  -4  Prf  (cCP), r Prf  (f,  I>T)- 

Note  that  c(r fn)  depends  on  the  code  of  /  rather  than  on  the  value  of  /.  In  particular,  it 
may  be  the  case  that  the  values  of  /  and  g  are  equal,  but  c(r/'1)  ^  c(rgn). 

An  interpretation  *  is  defined  by  the  choice  of  a  normal  proof  predicate  Prf  with  the  terms 
m(x, y),  a(x,y),  c(x),  an  evaluation  of  propositional  letters  by  sentences  of  arithmetic,  and 
an  evaluation  of  proof  variables  and  proof  constants  by  closed  computable  terms.  As  before 
*  commutes  with  boolean  connectives,  ( t-s )*  =  m(t*,s*),  (t  +  s)*  =  a(t*,s*),  (It)*  =  c(rt*n), 
(t:F)*  =  Prf(t*, rF*~]).  Note  that  unlike  the  standard  call-by-value  interpretation  above  in 
this  case  we  substitute  not  the  numeral  of  the  value  of  /  for  the  variable  x  in  Prf(x,  y)  but  a 
term  /  itself.  Under  any  interpretation  *  a  proof  polynomial  t  becomes  a  closed  computable 
term  t*,  an  £P-formula  F  becomes  an  arithmetical  sentence  F*.  A  formula  ( t:F )*  is  always 
provably  A\. 

As  it  was  established  in  [4]  CP  is  sound  and  complete  with  respect  to  this  call-by-name 
provability  interpretation.  In  fact  the  soundness  in  this  case  can  be  shown  by  an  easy  modifi- 
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cation  of  the  soundness  proof  for  the  standard  call-by-name  interpretation  above.  In  Comment 
7.15  we  will  discuss  how  to  establish  the  completeness  of  CP  in  the  call-by-name  case. 


6  A  sequent  formulation  of  Logic  of  Proofs 

By  sequent  we  mean  a  pair  T  A,  where  T  and  A  are  finite  multisets  of  £P-formulas.  For 
T,  F  we  understand  T  U  {F}. 

Axioms  of  CPQq  are  sequents  of  the  form  T,F=>  F,  A  and  r,  1  =>  A.  Along  with  the  usual 
Gentzen  sequent  rules  of  classical  propositional  logic,  including  the  cut  and  construction  rules 
(e.g.  like  G2c  from  [73]) ,  the  system  CPQq  contains  the  rules 


A,  T  =»  A 
t:A, r  A 


(:  =*) 


T  =>  A ,t:A 
T  =>  A, \t:t:A 


(=►«) 


T  ^  A ,t:A 


r  ^  A,  (t  +  s) :  A 


(=►+) 


T  =$►  A  ,t:A 


T  =£•  A,  (s  + 1) :  A 


(=►+) 


T  =$►  A, 5: (A  — >  B)  T  =$>  A}t:A 
T  =£•  A  ,(s  •  t):B 


(=►•) 


As  will  follow  from  the  proof  of  7.1  the  rule  ( ^  •)  for  CPQq  (but  not  for  CPQ)  can  in  fact 
be  limited  by  the  condition  that  A  —¥  B  must  occur  in  T,  A,  without  losing  any  provable 
sequents. 

The  system  CPQ  is  CPQq  plus  the  rule 


-  (=M, 

r  =>  c:  A,  A 

where  A  is  an  axiom  AO  -  A4  from  section  4,  and  c  is  a  proof  constant. 

CPQ~  and  CPQq  are  the  corresponding  systems  without  the  rule  Cut. 

6.1  Proposition.  CPQq\tY  =$>  A  iff  CP0  h  /\T  -»■  \/ A,  CPQ  h  T  =$►  A  iff  CP  /\T 
VA. 

The  proof  proceeds  by  a  straightforward  induction  both  ways. 
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6.2  Corollary.  CP(pS)  I-  F  iff  £PQ0^CS=>F. 


6.3  Definition.  The  sequent  T  =3>  A  is  saturated  if 

1.  A  -4  B  e  T  implies  B  €  T  or  A  6  A, 

2.  A  -4  B  €  A  implies  A  €  T  and  B  €  A6, 

3.  t:A  €  T  implies  A  €  T, 

4.  lt:t:A  (E  A  implies  6  A, 

5.  (s  +  t):A  €  A  implies  s:A  6  A  and  t:A  6  A 

6.  (s  ■  t)  :  B  €  A  implies  /or  each  X  B  occurring  as  a  subformula  in  F,  A  either 
s:(X  ->  B)  €  A  ort\X  €  A. 

6.4  Lemma.  (Saturation  lemma)  Suppose  CPQq  1/  T  =>  A.  Then  there  exists  a  saturated 
sequent  T'  =>•  A'  such  that 

l.TCT',  AC  A', 

5.  r'  =>•  A'  is  not  derivable  in  CPGq  . 

Proof.  A  saturated  sequent  is  obtained  by  the  following  Saturation  Algorithm  «SL4.  Given 
r  =*  A,  for  each  undischarged  formula  5  from  T  U  A  non-deterministically  try  to  perform 
one  of  the  following  steps.  At  the  moment  0  all  formulas  from  T  U  A  are  available  After  a 
step  is  performed  discharge  S  (make  it  unavailable).  If  none  of  the  clauses  1  -  7  is  applicable 
terminate  with  success. 

1.  if  5  =  (A  — »  B)  €  T,  then  put  A  into  A  or  B  into  T, 

2.  if  5  =  (A  — ^  B)  €  A,  then  put  A  into  T  and  B  into  A, 

3.  if  5  =  t:A  G  T,  then  put  A  into  T, 

4.  if  S  =\t:t:A  €  A,  then  put  t:A  into  A, 

5.  if  5  =  (s  +  t):A  €  A,  then  put  both  s:A  and  t:A  into  A, 

6.  if  S  =  (s  •  t) :  B  €  A,  then  for  each  Xi, . . . ,  Xn  such  that  Xi  —tB  is  a  subformula  in 
T,  A  put  either  s:(Jf,-  — ►  B)  or  t:X{  into  A, 

7.  if  r  H  A  ^  0  or  J.  €  r,  then  backtrack.  If  backtracked  to  the  root  node  terminate  with 
failure.  When  backtracking  to  a  given  node  make  available  again  all  the  formulas  discharged 
after  leaving  this  node  the  previous  time. 

The  Saturation  Algorithm  <SA  terminates.  Indeed,  <S.4  is  finitely  branching  and  each  non¬ 
backtracking  step  breaks  either  a  subformula  of  T  ^  A  or  a  formula  of  the  type  t :  F,  where 
both  t  and  F  occur  in  T  =>  A.  There  are  only  finitely  many  of  those  formulas,  which  guarantees 
termination.  Moreover,  SA  terminates  with  success.  Indeed,  otherwise  <SL4  terminates  at  the 
root  node  T  =*•  A  of  the  computation  tree  with  all  the  possibilities  exhausted  and  no  way  to 
backtrack.  Then  the  computation  tree  T  of  SA  contains  the  sequent  T  A  at  the  root,  and 

6The  clauses  concerning  other  boolean  connectives  are  optional. 
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CPQo  axioms  at  the  leaf  nodes.  By  a  standard  induction  on  the  depth  of  a  node  in  T  one  can 
prove  that  every  sequent  in  T  is  derivable  in  CPGq  ,  which  contradicts  the  assumption  that 
CPQq  \f  T  =£•  A.  The  nodes  corresponding  to  the  steps  1-5  and  7  are  trivial.  Let  us  consider 
a  node  which  corresponds  to  6.  Such  a  node  is  labelled  by  a  sequent  II  =4*  Q,  st :  B,  and  its 
children  are  2n  sequents  of  the  form  II  =i>  Q,st:B,Y{,...,Y£,  where  a  =  (<Ti . . . , crn)  is  an 
n-tuple  of  0’s  and  l’s,  and 


(  s:(Xi  — »•  B),  if  er,  =  0 
\  t:X{,  if  <r,-  =  1. 


Here  X\, . .  -,Xn  is  the  list  of  all  formulas  such  that  Xi  -4  B  is  a  subformula  of  T  A.  By 
the  induction  hypothesis  all  the  child  sequents  are  derivable  in  CPGff  .  In  particular,  among 
them  there  are  2n_1  pairs  of  sequents  of  the  form  II  =>•  0',s:(Xi  -4  B)  and  II  =>-  &,t:X i. 
To  every  such  pair  apply  the  rule  ( =3-  •)  to  obtain  II  ©'  (we  assume  that  st :  B  €  ©')• 
The  resulting  2n_1  sequents  are  of  the  form  II  =£•  Q,st:  B,Y£ , . .  .,1^.  After  we  repeat  this 
procedure  n  —  1  more  times  we  end  up  with  the  sequent  FI  =>  0,  st :  B,  which  is  thus  derivable 
in  EPS*. 

◄ 


Note  that  in  a  saturated  sequent  T  A  which  is  not  CPQ0  -derivable  the  set  T  is  closed  under 
the  rules  t:XfX  and  X-tY, X/Y. 

6.5  Lemma.  For  each  saturated  sequent  T  =>■  A  not  derivable  in  CPQq  there  is  a  set  of 
£P -formulas  T  (a  completion  of  T  =»  A )  such  that 

1.  T  is  a  provably  decidable  set,  for  each  term  t  the  set  I(t)  =  {X  \  t:X  G  F}  is  finite  and 
a  function  from  a  code7  oft  to  a  code8  of  I  (t)  is  provably  computable, 

2.  F  £  T  implies  F  €  T,  A  d  T  =  0, 

3.  ift:X  €  T,  then  X  G  T, 

4-  if  s:(X  -+Y)  €  T  andt:X  €  T,  then  ( s-t):Y  €  T, 

5.  if  t:X  G  T,  then  \t:t:X  €  T, 

6.  ift'.X  €  T  and  s  is  a  proof  polynomial,  then  (t  +  s)  :X  €  T  and  (s  +  t):X  €  T. 

Proof.  We  describe  a  completion  algorithm  COM  that  produces  a  series  of  finite  sets  of 

£P-formulas  r0,  Fj,  T2, - Let  T0  =  {F  \  F  €  T}. 

For  each  natural  number  i  >  1  let  COM  do  the  following: 

if  i  =  3 k,  then  COM  sets 

r,+i  =  Ti |J{(s  -t):Y\  s:(X -tY),t:X  €  T,}, 

5,t 

7For  example,  the  Godel  number  of  t. 

8 For  example,  the  canonical  number  of  the  finite  set  of  Godel  numbers  of  formulas  from  I(t). 
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if  i  =  3ft  +  1,  then  COM  sets 


Ti+1  =  Ti\J{\t:t:X\t:X  £Ti}, 

t 


if  i  =  3  ft  +  2,  then  COM  sets 

r,+x  =  Ti[j{(s  +  t):X,(t  +  s):X  \t:X  e  I\ , |«|  <  t.}9 

s,t 


Let 

f=Ur- 

i 

By  definition,  T,-  C  I\+i. 

It  is  easy  to  see  that  at  step  i  >  0  COM  produces  either  a  formula  from  T  or  formulas  of 
theform  t :  X  with  the  length  of  t  greater  than  i/3.  This  observation  secures  the  decidability 
of  T.  Indeed,  given  a  formula  F  of  length  n  wait  until  step  i  =  3ra  of  COM;  F  G  Tn  iff  F  G  T. 
Similar  argument  establishes  the  decidability  of  I ( t )  from  which  one  can  construct  the  desired 
provable  computable  arithmetical  term  for  I(t). 

In  order  to  establish  2  and  3  we  prove  by  induction  on  i  that  for  all  i  =  0, 1, 2, . . . 

a.  r,-nA  =  0, 

b.  t-.x  er,-  x  e  r„ 

c. x-^y.ier,'  =*>  rer,. 

The  base  case  i  =  0  holds  because  of  the  saturation  properties  of  To  =  T. 

For  the  induction  step  assume  the  induction  hypothesis  that  the  properties  A,B,  and  C 
hold  for  i  and  consider  r,+i . 

A.  Suppose  there  is  F  6  I\+i  n  A  but  F  ^  I\.  There  are  three  possibilities.  If  i  —  1  =  3fc 
then  F  is  (s  -t):Y  such  that  s:(X  —*Y),t:X  €  T,  for  some  X.  From  the  description  of  COM 
it  follows  that  (X— £  F.  By  the  saturation  properties  of  T  =>  A,  since  (s  •t):Y  €  A  and 
X  — ¥  Y  occurs  in  T  either  s :  (X  -f  Y)  €  A  or  t :  X  €  A.  In  either  case  r,-  D  A  /  0  which  is 
impossible  by  the  induction  hypothesis. 

If  i  —  1  =  3ft  + 1  then  F  is  \t:t:X  such  that  t :X  €  F,.  By  the  saturation  properties  of  A, 
t:X  €  A.  Again  r«  D  A  ^  0  which  is  impossible  by  the  induction  hypothesis. 

If  i  —  1  =  3ft  +  2  then  F  is  (t  +  s) :  X  such  that  either  t :  X  €  I\-  or  s  :  X  6  T,-.  By  the 

saturation  properties,  from  (t  +  s) :X  G  A  conclude  that  both  t:X  6  A  and  s:X  €  A.  Once 
again,  I\-  fl  A  ^  0  which  is  impossible  by  the  induction  hypothesis. 

Thus  Tj+i  n  A  =  0. 

9M  is  the  length  of  s,  i.e.  the  total  number  of  variables,  constants,  and  functional  symbols  in  s. 
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B.  Suppose  p:Be  I\-+i  and  p:B  £  I\.  We  conclude  that  in  this  case  B  £  I\+i .  Indeed, 
again  there  are  three  possibilities. 

If  If  i  —  1  =  3k  then  p:B  is  (s  -t):Y  such  that  s:(X-*Y),t:X  £  T;  for  some  X.  By  the 
induction  hypothesis  for  T,-,  (X-)-Y),X  £  T,  and  thus  Y  £  I\.  By  the  inclusion  T,-  C  r,+i, 

Yeri+1. 

If  i  —  1  =  3A;  +  1  then  p:B  is  \t:t:X  such  that  T;.  Then  t:X  €  r,-+i. 

If  i  —  1  =  3fc  -f-  2  then  p :  B  is  (t  +  s) :  B  such  that  either  i :  B  £  T,-  or  s :  B  £  I\-.  By  the 
induction  hypothesis,  in  either  case  B  £  T,-,  therefore  B  €  r,+i. 

C.  Suppose  X-tY,  X  £  Tf+i.  From  the  description  of  COM  it  follows  that  (X— >Y)  6  T. 
By  the  saturation  properties  of  T  =$■  A,  either  Y  £  T  or  X  £  A.  In  the  former  case  we  are 
done.  If  X  £  A  then  r,+i  n  A  /  0,  which  is  impossible  by  item  A  of  the  induction  step. 

Items  4.,  5.,  and  6.  of  Lemma  6.5  are  guaranteed  by  the  definition  of  COM.  Indeed,  if  some 
if  condition  is  fulfilled,  then  it  occurs  at  step  i  and  COM  necessarily  puts  the  then  formula 
into  r,+3  at  the  latest. 


7  Consolidated  completeness  theorem 


In  this  section  we  establish  completeness  and  cut  elimination  theorems  for  the  Logic  of  Proofs. 

7.1  Theorem.  The  following  are  equivalent 

1.  CPdo  I-  T  =►  A, 

2.  CPQo  h  r  =*  A, 

5.  cPo  p  A  r  -4  v  a, 

4-  for  every  interpretation  *  VA  f-  (/\T  — y  \J  A)*, 

5.  for  every  interpretation  *  the  formula  (f\T  V  A)*  is  true. 

Proof.  The  steps  from  1  to  2  and  from  4  to  5  are  trivial.  The  step  from  2  to  3  follows  from 
6.1,  and  the  step  from  3  to  4  follows  from  5.6.  The  only  remaining  step  is  thus  from  5  to  1. 
We  assume  “not  1”  and  establish  “not  5”.  Suppose  CPQq  \f  T  =»  A.  Our  aim  now  will  be 
to  construct  an  interpretation  *  such  that  (f\T  ~^\f  A)*  is  false  (in  the  standard  model  of 
arithmetic). 

From  the  saturation  procedure  get  a  saturated  sequent  T'  =»•  A'  (6.4),  and  then  make  a 
completion  to  get  a  set  of  formulas  I7  (6.5). 

We  define  the  desired  interpretation  *  on  propositional  letters  S',-,  proof  variables  Xj  and 
proof  constants  aj  first.  We  assume  that  Godel  numbering  of  the  joint  language  of  CP  and 
VA  is  injective,  i.e. 

rE\~[  =  r^2_1  4-+  E\  =  E2 
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for  any  expressions  E\ ,  E% ,  and  that  0  is  not  a  Godel  number  of  any  expression.  For  a 
propositional  letter  S,  proof  variable  x  and  proof  constant  a  let 


S* 


r5"1  =  rsn,  user 
rS~'  =  0,  if  5  £  f', 


The  remaining  parts  of  *  are  constructed  by  an  arithmetical  fixed  point  equation  below. 

For  any  arithmetical  formula  Prf(x,y)  define  an  auxiliary  translation  t  of  £P-terms  to 
numerals  and  /^-formulas  to  TM-formulas  such  that  St  =  5*  for  any  propositional  letter  S, 
=  rt~l  for  any  /IP-term  t,  ( t:F )*  =  Prf(t^,rF^n),  and  *  commutes  with  the  propositional 
connectives. 

It  is  clear  that  if  Prf(x,y )  contains  quantifiers,  then  t  is  injective,  i.e.  Ft  =  q\  yields 
F  =  G.  Indeed,  from  Ft  =  (?t  jt  follows  that  the  principal  connectives  in  F  and  G  coincide. 
We  consider  one  case:  (F1-+F2)*  =  (s:G)t  is  impossible.  Since  (s:G)t  =  Prf(k,n)  for  the 
corresponding  numerals  k  and  n,  this  formula  contains  quantifiers.  Therefore  the  formula 
(Fj->F2)t  =  Ft  t  -4  F^t  also  contains  quantifiers  and  thus  contains  a  subformula  of  the 
form  Prf(ki,ni).  However,  (s:G)t  =  Fjt  -4  F2^  is  impossible  since  the  numbers  of  logical 
connectives  and  quantifiers  in  both  parts  of  =  are  different.  Now  the  injectivity  of  t  can 
be  shown  by  an  easy  induction  on  the  construction  of  an  £P-formula.  Moreover,  one  can 
construct  primitive  recursive  functions  /  and  g  such  that 

f(rBn,  rPrf )  =  g(rB^,  rPrf )  =  rB \ 

Let  (PROOF,  ®,  0,  ft )  be  the  standard  multi-conclusion  proof  predicate  from  section  5, 
with  ®  standing  for  application,  0  for  choice  and  ft  for  proof  checker  operations  on  proofs 
associated  with  PROOF.  In  particular,  for  any  arithmetical  formulas  <p,  ip  and  any  natural 
numbers  k,  n  the  following  formulas  are  true: 

PROOF(k,  •>-+  V’*’)  A  PROOF (n,  r<p "’)  -4  Prf(k  <g>  n,  rip ^ 

PROOF[k ,  rgP)  -4  PROOF (k  ©  n, r yF) ,  PROOF {n, ryF)  PROOF {k  0  n,  ryF) 

PROOF  (k,  -4  PROOF  (((k,  rPROOF(k ,  r^)n). 

For  technical  convenience  and  without  loss  of  generality  we  assume  that  PROOF(rtn,k)  is 
false  for  any  £P-term  t  and  any  k  €  w. 

By  /ix.ip(x,  y)  we  mean  a  function  that  calculates  x  such  that 


<p(x,  y)  A  Vz  <  x-> <p(z,y). 

It  is  dear  that  fix.<p(x,  y)  is  computable  if  <p(x,  y)  A  Vz  <  x-xp(z,  y)  is  provably  Ei.  There  are 
two  convenient  sufficient  conditions  under  each  of  which  fix.(p(x,  y)  is  computable: 

<p(x,  y)  is  provably  Aj , 
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y?(x,y)  is  provably  Si  and  functional  with  respect  to  x,  i.e.  (p(ki,n)A<p(k2,n)  -»•  kx  =  k2 
is  true  for  all  ki,  k2,  it. 

By  an  arithmetical  fixed  point  argument  we  construct  a  formula  Prf(x,y)  such  that  VA 
proves  the  following  fixed  point  equation  (FPE): 

Prf(x,y)  4+  PROOF  (x,y)  V 

(“x  =  rt~l  for  some  CP -term  t  and 
y  =  rB^~ '  for  some  CP -formula  B  such  that  B  £  I{t)  ”) 

Here  the  arithmetical  formula  describes  a  primitive  recursive  procedure:  given  x  and 
y  recover  t  and  B  such  that  x  =  rt*1  and  y  =  then  verify  B  £  I(t).  From  FPE  it 

is  immediate  that  Prf  is  a  provably  Ax-formula,  since  PROOF  {x^y)  is  provably  Ai.  It  also 
follows  from  FPE  that  PA  I-  ip  yields  Prf(k,rip~')  for  some  k  £  u. 

We  define  the  arithmetical  formulas  M(x ,  y,  z),  A(x,  y,  z),  C(x,  z)  as  follows 

M(x,  y,  z )  (“x  =  rs"’  and  y  =  rt_l  for  some  CP -terms  s  and  t”  A  z  =  rs  •  t"1)  V 

(“x  =  rsn  for  some  CP -term  s  and  y  ^  for  any  CP -term  t”  A 
3u|>  =  fxw.(/\{PROOF(w,  rB t-1)  |  B  £  /(«)})  ”  A  z  =  uig)  y])  V 

(“x  ^  rs~*  for  any  CP -term  s  and  y  =  rtn  for  some  CP -term  t”  A 
3u[“v  =  pw.(h{PROOF(w,  rB^)  |  B  £  /(«)})”  A  2  =  x  ®  v])  V 

(“x  5^  rs"1  and  y  ^  rt~*  for  any  CP -terms  s  and  t”  A  z  =  x  ®  y) 

A(x,  y,  z )  (“x  =  rs~l  and  y  =  rt~[  for  some  CP -terms  s  and  t ”  A  z  =  rs  + 1”1)  V 

(“x  =  rs~'  for  some  CP -term  s  and  y  rt~l  for  any  CP -term  t”  A 
3u[  “v  =  pw.(/\{PROOF{w,  rB^)  \  B  £  /(«)})  ”  A  z  =  v  ©  y])  V 

(“x  ^  rs~*  for  any  CP -term  s  and  y  =  rt~*  for  some  CP -term  t”  A 
3v[“u  =  pw.(/\{PROOF(w,rB^)  \  B  £  /(t)})”  A  z  =  x  ©  v])  V 

(“x  ^  rsn  and  y  ^  rt~t  for  any  CP -terms  s  and  t”  A  z  =  x(&y) 

C(x,z)  4->-  (“x  =  rf  for  some  CP -term  t”  A  z  =  r\t~l)  V 

(“x  rtn  for  any  CP -term  t”  A 

3u[  “v=pw.(/\{PROOF(w,  rPROOF(t,  rqP)  Prf(t, |  T(£)})  ”  A 

Z  =  Wgl'frx]) 
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Here  . .”  denotes  a  natural  arithmetical  formula  representing  in  VA  the  condition  . .’,  uv  = 
fiw.ijj"  is  a  natural  formula  representing  in  VA  the  function  pw.ip.  Note  that  in  the  definitions 
above  all  these  functions  are  computable  since  all  the  corresponding  t/>’s  are  provably  A] . 
Therefore  M(x,y,z),  A(x,y,z)  and  C(x,z)  are  provably  Si.  Moreover,  these  formulas  are 
functional  with  respect  to  z.  By  the  necessary  conditions  above  the  functions  m(x,y),  a(x,y) 
and  c(x)  are  computable. 

We  continue  defining  the  interpretation  *.  Let  Prf  for  *  be  the  one  from  F PE, 
m(x,y)  :=  y,z.M(x,y,z),  a(x,y)  :=  pz.A(x,y,z),  c(x)  :=  pz.C(x, z). 


7.2  Lemma. 

a)  t*  =  ft  for  any  CP -term  t, 

b)  B *  =  fit  for  any  CP -formula  B. 

Proof.  a)  Induction  on  the  construction  of  an  CP- term.  Base  cases  are  covered  by  the 
definition  of  the  interpretation  *.  For  the  induction  step  note  that  according  to  the  definitions, 
the  following  equalities  are  provable  in  VA: 

(s  •  t)*  =  ro(s*,  t*)  =  m(r*P,  rO  =  rs  •  f  =  (s  •  t)+, 

(s  + 1)*  =  a(s*,  t*)  =  a(rs rf)  =  rs  +  p={s  + 1)+, 

(!t)*  =  c(t*)  =  c(T)  =  rir  =  (Itjt. 

b)  By  an  induction  on  B  we  prove  that  B *  and  B^  coincide.  The  atomic  case  when  B  is  a 
propositional  letter  holds  by  the  definitions.  If  B  is  t:F,  then  (t:F)*  =  Prf(t*,  rF*"1).  By 
a),  f*  =  ft.  By  the  induction  hypothesis,  F*  =  F*  which  yields  rF*n  =  rF+"1.  Therefore 
Prf  (t* ,r F*~*)  =  Prf  ,r F^)  =  (t :  F)^ .  The  inductive  steps  are  trivial. 

◄ 


7.3  Corollary.  The  mapping  *  is  injective  on  terms  and  formulas  of  CP.  In  particular,  for 
all  expressions  E\  and  E? 

TP  *  _  TP  *  _v  jp  _  jp 

£j\  —  Ej2  £f\  =  Ej  2« 


7.4  Corollary.  X *  is  provably  Ai  /or  any  CP -formula  X  . 

Indeed,  if  X  is  atomic,  then  X  is  provably  Ai  by  the  definition  of  *.  If  X  is  t:Y,  then  (t:Y)* 
is  Prf(t*,rY*~l).  By  Lemma  7.2, 

VA  \~  Pr/(t*,ry**1)  Pr/(rf1,ry*'1). 
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The  latter  formula  is  provably  Ai,  therefore  (t:Y)*  is  provably  A*.  Since  the  class  of  provably 
Ai  formulas  is  closed  under  boolean  connectives  X*  is  provably  Ai  for  each  X. 

7.5  Lemma.  If  X  £  P,  then  VA  h  X*,  if  X  £  A',  then  VA  b  ->X*. 

Proof.  By  induction  on  the  length  of  X.  Base  case,  i.e.  X  is  atomic  or  X  =  t :  Y.  Let 
X  be  atomic.  By  the  definition  of  *,  X*  is  true  iff  X  £  P.  Let  X  =  t:Y  and  t:Y  £  P. 
Then  VA  b  “Y  £  /(«)”.  By  FPE,  VA  b  Prf{rP,rY^).  By  Lemma  7.2,  VA  h  Prf(t*,rY*n). 
Therefore  VA  b  (i:F)*. 

If  *:F  €  A',  then  i:F  £  P  and  “F  €  J(t)”  is  false.  The  formula  PROOF(t\ rF*'1)  is  also 
false  since  t*  is  rt"1  (by  Lemma  7.2)  and  PROOF  {^t^,  k )  is  false  for  any  k  by  assumption.  By 
FPE ,  (f  :F)*  is  false.  Since  (i:F)*  is  provably  Ai  (Lemma  7.4)  VA  I-  ->(t:Y)*. 

The  induction  steps  corresponding  to  boolean  connectives  are  standard  and  based  on  the 
saturation  properties  of  P  =»  A'.  For  example,  let  X  =  F  -4  Z  £  P.  Then  F  Z  G  P,  and 
by  Definition  6.3,  F  £  P  or  Z  £  A1.  By  the  induction  hypothesis,  F*  is  true  or  Z*  is  false, 
and  thus  (F  — >■  Z)*  is  true,  etc. 

◄ 


7.6  Lemma.  VA  b  ip  &  Prf(n ,  r<pn)  for  some  n  £  u. 

Proof.  It  remains  to  establish  (<=) .  Let  Pr/(n,  rgP)  for  some  n  £  u>.  By  FPE , 

Prf(n,r(pn)  =>■  PROOF{n,r(p~f)  or  rip~i  =  rB^~]  for  some  B  such  that  t:B  £  P. 

In  the  latter  case  by  the  saturation  property  of  P,  B  £  P.  By  Lemma  7.5,  VA  b  B* .  By  the 
injectivity  of  the  Godel  numbering,  </?  =  S* .  By  Lemma  7.2,  (p  =  B*.  Therefore  VA  h  <p. 

◄ 


7 .7  Lemma.  For  all  arithmetical  formulas  <p,  if)  and  natural  numbers  k,  n  the  following  is 
true 

a)  Prf(k,rip-¥tl)~[)  A  Prf(n,r(p~])-^Prf(m(k,n),ril)~l) 

b)  Prf  (k,  r(p "*)  -4  Prf  (a(k,  n),  l>~1),  Prf(n ,  rgp) -4  Prf(a(k,  n),  r<p~>) 

c)  Prf  (k,  r(p~*)-}Prf(c(k), r Prf(k ,  «Vy»). 

Proof,  a)  Assume  Prf  (k,  and  Prf(n,  There  are  four  possibilities. 

i)  Neither  of  k,  n  is  equal  to  a  Godel  number  of  an  CP- term.  By  FPE ,  both  PROOF (n,  rip~l) 
and  PROOF (k,r<p-tip~')  hold,  so  PROOF(k®n,riJ)~ ')  does  also. 
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ii)  Both  k  and  n  are  equal  to  Godel  numbers  of  some  CP -terms,  say  k  =  rs~'  and  n  =  rt~'. 
By  FPE,  <p  is  F*  and  ip  is  G*  for  some  £P-formulas  F,  G  such  that  F— €  I(s)  and  F  €  I(t) . 
By  the  closure  property  of  F  (Lemma  6.5(4)),  G  €  I(s  •  t).  By  FPE,  Prf(rs  •  t~',rG*~').  By 
Lemma  7.2  and  by  definitions,  VA  proves  that 

rs-t~*  =  ( s-t )*  =  m(s*,t*)  =  ro(r5",,rt"1)  =  m(k,n). 

Thus  m(k,  n)  =  rs  • 1"1  and  Prf(m(k,  n),  rip~])  is  true. 

iii)  k  is  not  equal  to  the  Godel  number  of  an  CP -term,  n  =  rtn  for  some  CP-term  t.  By 
FPE,  PROOF(k,r(p-+ip~ ’)  and  <p  =  F^  for  some  £P-formula  F  such  that  F  €  I(t).  Compute 
the  number 

l  =  fiw.(/\{PROOF(w,rB^)  |  B  €  /(«)}) 

by  the  following  method.  Take  /(f)  =  {B\, . . .,  F/}.  By  definition,  B,  £  T',  i  =  1,...,/. 
By  Lemma  7.5,  VA  h  B  *  for  all  i  =  1, . . /.  By  Lemma  7.2,  VA  I-  Bj  for  all  i  =  1, . . .,  /. 
By  the  conjoinability  property  of  PROOF  there  exists  w  such  that  PROOF (w,  rB^~')  for 
all  i  =  1, ...,/.  Let  j  be  the  least  such  w.  In  particular,  PROOF(j,rF t"1).  By  the  defi¬ 
nition  of  <S>,  PROOF (k  <g>  j,rip~').  By  the  definition  of  M,  VA  b  m(k,n)  —  k  <g»  j,  therefore 
PROOF(m(k,n),rip~])  holds. 

Case  iv):  “s  is  a  Godel  number  of  an  CP- term  but  t  is  not  a  Godel  number  of  any  CP-term" 
is  similar  to  (iii) . 

Case  (5)  can  be  checked  in  the  same  way  as  (a) . 

c)  Given  Prf(k,  r<p~l)  there  are  two  possibilities. 

i)  k  =  rt~>  for  some  £P-term  t.  By  FPE,  =  F*  for  some  F  such  that  F  e  7(f) .  By  the 
closure  property  6.5(5)  of  F,  !t:t:F  €  F.  By  Lemma  7.5,  (!t:t:F)*  holds.  By  definitions, 

(!t:t:F)*  =  Prf  (c(t*)  ,r  Prf  (t*  ,r  F*~')~') . 

By  Lemma  7.2,  t*  =  rtn  and  F*  =  FL  Therefore  t*  =  k,  F*  =  (p  and 

Prf  (c(k)  ,rPrf(k,  r(pn)  *1) . 

ii)  k  ^  rt~}  for  any  £P-term  t.  By  FPE,  PROOF  (k,r<p~l)  holds.  By  definition  of  the  proof 
checking  operation  ff  for  PROOF, 

PROOF  (flfe, r  PROOF  (k,  r<p'D. 

By  the  definition  of  C,  in  this  case  VA  h  c(fc)  =  l  <g>  -ft-fc  where 

/  =  iiw.f\{PROOF(w,rPROOF(k,rip~')-*Prf(k,rip~')~')  \  PROOF (k,r ip’')}. 
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By  the  definition  of  /, 


Therefore 


By  FPE, 


therefore 


◄ 


PROOF  (l,  rPROOF(k,  rV’)  -►  Prf(k,  r^D. 
PR00F(l  <g>  #,rPr/(fc,r^)-'). 

Prf(c(k),^Prf(k,^p). 


7.8  Lemma.  The  normality  conditions  for  Prf  are  fulfilled. 

Proof.  By  FPE,  Pr/ is  provably  Ai.  It  follows  from  FPE  and  7.6  that  for  any  arithmetical 
sentence  ip 

VA  I-  <p  if  and  only  if  Pr/(n,  holds  for  some  natural  n. 

Finiteness  of  proofs.  For  each  n  the  set 

T(k)  =  {l\Prf(k,l)} 

is  finite.  Indeed,  if  k  is  a  number  of  an  FF-term,  we  can  use  the  finiteness  of  I (t) ;  otherwise  we 
use  the  normality  of  PROOF.  An  algorithm  for  the  function  from  k  to  the  canonical  number 
of  T(k)  for  Prf  can  be  constructed  from  those  for  PROOF,  and  from  the  decision  algorithm 
for  I(t),  Lemma  6.5(1). 

Conjoinability  of  proofs  for  Prf  is  realized  by  the  function  a{x,y)  since  by  Lemma  7.7, 

T(k)  U  T(n)  C  T(a(k,  n)). 


◄ 

Let  us  finish  the  proof  of  the  final  “not  1  implies  not  5”  part  of  7.1.  Given  a  sequent  T  =>  A 
not  provable  in  £PGq  we  have  constructed  an  interpretation  *  such  that  T*  are  all  true,  and 
A*  are  all  false  in  the  standard  model  of  arithmetic  (7.5).  Therefore,  (/\T  — »  V  A)*  is  false. 


7.9  Corollary.  CPq  is  decidable. 
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Given  an  £P-formula  F  run  the  saturation  algorithm  SA  on  a  sequent  =$>•  F.  If  <S4  fails,  then 
CPo  H  F.  Otherwise,  CPo  I /  F. 

7.10  Corollary.  (Completeness  of  CP  with  respect  to  the  provability  semantics.) 

CP<QS)  I-  F  &  PA  h  F*  for  any  CS -interpretation  *. 

<=>■  F*  is  true  for  any  CS -interpretation  *. 

7.11  Corollary.  (Cut  elimination  in  CPo.)  Every  sequent  derivable  in  CPQq  can  be  derived 
without  the  cut  rule. 

Proof.  By  Theorem  7.1  CPQq  h  T  A  iff  CPQq  h  T  =>  A. 

◄ 


7.12  Corollary.  (Cut  elimination  in  CP.)  Every  sequent  derivable  in  CPQ  can  be  derived 
without  the  cut  rule. 

Proof.  Cut  elimination  for  CP  can  be  established  by  a  direct  system  of  reductions,  and  it 
has  been  done  in  [6],  [7].  We  may  also  get  the  cut  elimination  theorem  for  CP  as  a  side 
product  of  the  arithmetical  completeness  theorem  for  CP.  Indeed,  a  straightforward  analogue 
of  Theorem  7.1  where  CPo  and  CPQq  are  replaced  by  CP  and  CPQ  respectively  holds.  As  in 
7.1  it  suffices  to  establish  that  if  CPQ  1/  T  =£>  A  then  for  any  constant  specification  CS  there 
exists  a  GS-interpretation  *  such  that  the  arithmetical  sentence  (/\T  -4  \/A)*  is  false.  Let 
us  sketch  changes  that  should  be  made  in  the  definitions  and  proofs  from  Sections  6  and  7 
to  make  them  work  for  CP.  Fix  a  constant  specification  CS.  Definition  6.3  of  the  saturated 
sequent  should  be  updated  by 
7.  CS  n  A  =  0 

The  item  7  of  the  saturation  algorithm  should  be  updated  by  an  additional  backtracking 
condition:  if  CS  n  A  =  0  then  backtrack.  Then  Lemma  6.4  holds  with  the  new  definition  of  a 
saturated  sequent  and  CPQ~  instead  of  CPQq  .  Item  3  of  Lemma  6.5  should  be  read  as 
3.  CS  6  T  and  ift:X  €  T  \CS,  then  X  €  T 

The  new  completion  algorithm  should  begin  with  setting  T0  =  {F  \  F  e  T  UGS}.  The  rest  of 
6.5  and  the  entire  7.1  remain  intact  under  the  new  definitions. 

◄ 


7.13  Comment.  Decidability  of  CP  follows  from  the  results  of  [53].  This  fact  can  also  be 
easily  obtained  from  the  cut  elimination  property  of  CP  (Corollary  7.12). 
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7.14  Corollary.  (Non-emptiness  of  provability  semantics  for  CP).  For  any  constant  speci¬ 
fication  CS  there  exists  a  CS-  interpretation  *. 

Proof.  An  easy  inspection  of  the  rules  in  CPQq  shows  that  the  sequent  CS  =>•  is  not  derivable 
in  CPQq  ,  and  thus  CPQq  \f  CS  ■=$■  .  Indeed,  if  CPQq  I-  c:  A  =$>  ,  then  c:  A  is  introduced  by  the 
rule  (:  =£• )  from  a  previously  derived  sequent  A  =>  .  This  is  impossible  since  A  is  an  axiom 
of  CPq  and  thus  CPQq  h  A:  should  CPQq  h  A  =>  ,  we  would  have  CPQq  I-  =>-  ,  which  is 
impossible,  e.g.  because  CPQq  I /  =*■  . 

From  CPQq  1/  CS  =$■  it  follows  that  CPQq  I /  =>  ->CS.  By  7.1,  there  exists  an  interpretation 
*  such  that  (-CS)*  is  false,  i.e.  CS*  is  true. 

◄ 


7.15  Comment.  The  straightforward  analogue  of  Theorem  7.1  holds  for  the  call-by-name 
semantics  (cf.  Comment  5.8)  as  well.  Some  minor  modifications  are  needed  to  adapt  the  proof 
of  7.1  to  this  new  case.  First,  we  redefine  px.<p(x,  y)  as  an  arithmetical  /.-term 

iz.[<p(x,  y)  A  Vz  <  x-i <p(z,  0]. 

Then  we  write  down  a  Fixed  Point  Equation  that  is  similar  to  FPE  from  7.1  with  some 
adjustments  corresponding  to  the  understanding  of  *  as  the  call-by-name  interpretation,  and 
the  new  reading  of  px.ip(x,  y)  as  an  arithmetical  i-term  (cf.[4],  [42], [64]). 


7.16  Comment.  In  [64]  a  complete  axiomatization  of  the  joint  logic  of  proofs  with  its 
call-by-name  semantics  and  the  formal  provability  was  found.  Thus  CP  as  it  was  presented 
in  [4]  was  combined  with  the  logic  of  formal  provability  QC  (cf.[12],[14]). 

8  Realization  of  modal  and  intuitionistic  logics 

It  is  easy  to  see  that  the  forgetful  projection  of  CP  is  correct  with  respect  to  54.  Let  F°  be 
the  result  of  substituting  OX  for  all  occurrences  of  t:X  in  F,  and  T°  =  {F°  |  F  6  T}  for  any 
set  T  of  £P-formulas. 

8.1  Lemma.  If  CP  1-  F,  then  54  h  F°. 

Proof.  This  is  a  straightforward  induction  on  a  derivation  in  CP. 

◄ 

The  goal  of  the  current  section  is  to  establish  the  converse,  namely  that  CP  suffices  to 
realize  any  54  theorem.  By  an  CP- realization  of  a  modal  formula  F  we  mean  an  assignment 
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of  proof  polynomials  to  all  occurrences  of  the  modality  in  F.  Let  Fr  be  the  image  of  F  under 
a  realization  r.  Positive  and  negative  occurrences  of  modality  in  a  formula  and  a  sequent  are 
defined  in  the  usual  way.  Namely 

1.  an  indicated  occurrence  of  □  in  OF  is  positive; 

2.  any  occurrence  of  □  from  F  in  G->F,  GAF,  FaG,  GvF,  FvG,  OF  and  T  =*►  A,F 
has  the  same  polarity  as  the  corresponding  occurrence  of  □  in  F; 

3.  any  occurrence  of  □  from  F  in  -> F,  F-*G  and  F,T  =>  A  has  a  polarity  opposite  to 
that  of  the  corresponding  occurrence  of  □  in  F. 

In  a  provability  context  OF  is  intuitively  understood  as  “ there  exists  a  proof  x  of  F\  After 
a  skolemization,  all  negative  occurrences  of  □  produce  arguments  of  Skolem  functions,  while 
positive  ones  give  functions  of  those  arguments.  For  example,  OA  — »•  OB  should  be  read 
informally  as 

3x  “  x  is  a  proof  of  A”  -4  3y  “  y  is  a  proof  of  B”, 
with  the  Skolem  form 


“  x  is  a  proof  of  A”  “  f(x)  is  a  proof  of  B”. 

The  following  definition  captures  this  feature:  a  realization  r  is  normal  if  all  negative  occur¬ 
rences  of  □  are  realized  by  proof  variables. 

8.2  Theorem.  If  51  b  F,  then  CP  b  Fr  for  some  normal  realization  r. 

Proof.  Consider  a  cut-free  sequent  formulation  of  54,  with  sequents  T  A,  where  T  and  A 
are  finite  multisets  of  modal  formulas.  Axioms  are  sequents  of  the  form  S  =>  S,  where  S'  is  a 
propositional  letter,  and  the  sequent  _L  =>■  .  Along  with  the  usual  structural  rules  (weakening, 
contraction,  cut)  and  rules  introducing  boolean  connectives  there  are  two  proper  modal  rules 
(cf.[73j): 


A,r  =»  A  ,  nr  =►  A  . 

- (□=>)  - (=►□) 

□A,  r  =>  A  and  DT  =*  □  A 

(□{Ai,...,An}  =  {DA1,...,DAn}). 

If  54  b  F,  then  there  exists  a  cut-free  derivation  T  of  a  sequent  ^  F.  It  suffices  now  to 
construct  a  normal  realization  r  such  that  CP  b  f\  Tr  — »  V  Ar  for  any  sequent  T  =>  A  in  T. 
We  will  also  speak  about  a  sequent  T  =>  A  being  derivable  in  CP  meaning  CP  b  f\T  — ►  V  A, 
or,  equivalently,  T  b^p  V  or  b  T  =*>  A.  Note  that  in  a  cut-free  derivation  T  the  rules 
respect  polarities,  all  occurrences  of  □  introduced  by  ( =$■  □)  are  positive,  and  all  negative 
occurrences  are  introduced  by  (□  => )  or  by  weakening.  Occurrences  of  □  are  related  if  they 
occur  in  related  formulas  of  premises  and  conclusions  of  rules;  we  extend  this  relationship  by 
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transitivity.  All  occurrences  of  □  in  T  are  naturally  split  into  disjoint  families  of  related  ones. 
We  call  a  family  essential  if  it  contains  at  least  one  case  of  the  ( =$>  □)  rule. 

Now  the  desired  r  will  be  constructed  by  steps  1-3  described  below.  We  reserve  a  large 
enough  set  of  proof  variables  as  provisional  variables. 

Step  1.  For  every  negative  family  and  nonessential  positive  family  we  replace  all  occur¬ 
rences  of  □  by  “x:”  for  a  fresh  proof  variable  x. 

Step  2.  Pick  an  essential  family  /,  enumerate  all  the  occurrences  of  rules  ( =»  □)  which 
introduce  boxes  of  this  family.  Let  nj  be  the  total  number  of  such  rules  for  the  family  /. 
Replace  all  boxes  of  the  family  /  by  the  term 

(t?i  +  . . .  +  vnf), 

where  v,’s  are  fresh  provisional  variables.  The  resulting  tree  To  is  labelled  by  CP  formulas, 
since  all  occurrences  of  the  kind  DA  in  T  are  replaced  by  t:X  for  the  corresponding  t. 

Step  3.  Replace  the  provisional  variables  by  proof  polynomials  as  follows.  Proceed  from 
the  leaves  of  the  tree  to  its  root.  By  induction  on  the  depth  of  a  node  in  To  we  establish 
that  after  the  process  passes  a  node,  a  sequent  assigned  to  this  node  becomes  derivable  in 
CP.  The  axioms  S  =$■  S  and  JL  =$■  are  derivable  in  CP.  For  every  rule  other  than  (=£•□)  we 
do  not  change  the  realization  of  formulas,  and  just  establish  that  the  concluding  sequent  is 
provable  in  CP  given  that  the  premises  are.  Moreover,  every  move  down  in  the  tree  To  other 
than  (^>  □)  is  a  rule  of  the  system  CPS ,  therefore,  the  induction  steps  corresponding  to  these 
moves  follow  easily  from  the  equivalence  of  CP  and  CPS- 

Let  an  occurrence  of  the  rule  ( ^-  □)  have  number  i  in  the  numbering  of  all  rules  ( ^  □) 
from  a  given  family  /.  This  rule  already  has  a  form 

3/i  'Y\  >  •  •  •  >  Pk  'Tfc  Y 
3/i  •  i  •  •  •  j  3/fc "  (^l  “b  •  •  •  *f"  rin j ) :  Y  , 

where  y\ , . . . ,  y*  are  proof  variables,  «i, . . . ,  unf  are  proof  polynomials,  and  u,  is  a  provisional 
variable.  By  the  induction  hypothesis,  the  premise  sequent  y\ : Yi, . . . ,  yj.  :Yk  =»  Y  is  derivable 
in  CP,  which  yields  a  derivation  of 


3/1  'Yi, .  ••,yk’Yk  ^  Y. 


By  lifting  lemma  (Proposition  4.4),  construct  a  proof  polynomial  £(t/i, . . .  ,yn )  such  that 

3/i  :^ii  •  •  •  1 3/fc  'Yk  t(yi, . . . ,  i/n)  ’Y 

is  derivable  in  CP.  Since 


CPht:Y  («!  +  ...  +  ttj_i  +  t  +  ui+1  +  ...  +  unf):Y 
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we  have 


2/1  '•  Ki }  •  •  •  >  Vk  •  Yk  =£•  (^1  +  • . .  +  Wi-i  + 1  +  w»+i  +  • .  •  +  unf )  :Y. 

Now  substitute  t(yi,  . . .,  yn)  for  u,  everywhere  in  To- 

By  the  way,  this  may  lead  to  the  constant  specifications  of  the  sort  c:  A(c)  where 
A(e)  contains  c.  It  looks  like  such  self-referential  constant  specifications  are  es¬ 
sential  for  realization  of  modal  logic  in  the  Logic  of  Proofs. 

Note  that  t(j/i,...,yn)  has  no  provisional  variables,  and  that  there  is  one  less  provisional 
variable  (namely  «,•)  in  the  entire  tree  To-  All  sequents  derivable  in  CP  remain  derivable 
in  CP,  the  conclusion  of  the  given  rule  ( ^  0)  became  derivable,  and  the  induction  step  is 
complete. 

Eventually,  we  substitute  terms  of  non-provisional  variables  for  all  provisional  variables  in 
To  and  establish  that  the  corresponding  root  sequent  of  To  is  derivable  in  CP.  Note  that  the 
realization  of  O’s  built  by  this  procedure  is  normal. 

◄ 


8.3  Corollary.  (Arithmetical  completeness  of  54.)  S4  \~  F  iff  there  is  a  realization  r  and 
a  constant  specification  CS  such  that  Fr  is  CS-valid. 


8.4  Comment.  It  follows  from  8.1  and  8.2  that  51  is  nothing  but  a  lazy  version  of  CP  that 
does  not  distinguish  between  the  proof  polynomials.  Each  theorem  of  54  admits  a  decoding 
via  CP  as  a  statement  about  specific  proofs.  The  language  of  CP  is  more  rich  than  that  of 
54.  In  particular,  54  theorems  admit  essentially  different  realizations  in  CP.  For  example, 
consider  two  theorems  of  CP  having  the  same  modal  projection: 

x:FVy:F  — >•  (x  +  y)  :F  and  x:FVx:F  —¥  x:F. 

The  former  of  these  formulas  is  a  meaningful  specification  of  the  operation  “+”.  In  a  contrast, 
the  latter  one  is  a  trivial  tautology. 

So  CP  is  the  right  logic  of  provability,  and  54  should  be  considered  as  a  lazy  higher  level 
language  on  top  of  CP.  A  general  recipe  for  using  54  as  a  provability  logic  might  be  the 
following:  derive  in  54  or  reason  about  54  using  a  conventional  modal  logic  technique  as 
before,  then  translate  the  results  into  CP  to  recover  their  true  provability  meaning. 


8.5  Comment.  As  it  was  noticed  by  A.  Kopylov,  the  example  from  8.4  can  be  generalized: 
54  also  admits  a  degenerated  realization  in  the  “+”-free  fragment  of  CP,  under  which  all 
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arguments  of  proof  polynomials  are  denoted  by  the  same  proof  variable  and  only  one  universal 
constant  is  used  as  a  coefficient. 

For  example,  the  «S4-theorem  (DAVDB)  — »■  0(AV5)  (cf.  Example  4.7)  can  be  realized 
in  CP  as  (a; :  A  V  x  :  B)  -4  (c-x) :  (AV.B)  with  the  constant  specification  c :  (A  -4  A  V  B), 
c:(B  -4  A  V  B).  As  one  can  see,  this  realization  cripples  the  provability  content  of  modal 
logic.  Namely,  it  presupposes  that  the  constant  c  stands  for  the  proof  of  two  different  axioms, 
which  is  inconsistent  with  an  injective  assignment  of  proof  constants  to  propositional  axioms 
in  rule  R2  of  CP.  The  assumption  that  A  and  B  have  the  same  proof  contradicts  the  intended 
provability  reading  of  the  original  modal  formula  (DAVDB)  -4  D(AVjB)  as  if  there  is  a 
proof  of  A,  or  there  is  a  proof  of  B,  then  there  is  a  proof  of  A\/B.  Indeed,  the  Skolem  style 
conversion  of  this  formula  from  the  language  with  quantifiers  into  the  quantifier-free  language 
with  Skolem  functions  is  if  x  is  a  proof  of  A  and  y  is  a  proof  of  B,  then  t(x,  y)  is  a  proof  of 
AvB.  One  can  show  that  such  t(x,y)  cannot  be  taken  to  be  “+”-free  provided  x  and  y  are 
distinct  proof  variables.  Indeed,  let  5i  and  S2  be  propositional  letters.  Suppose 

CP  x :  Si  V  y :  S2  t:(Si  V  S2) 

for  some  “+”-free  term  t.  Then  CP  b  x :  Si  -4  t :  (Si  V  52)  and  CP  b  y  :  S2  -4  t :  (Si  V  S2)- 
Consider  the  shortest  cut-free  derivation  V  of  x:Si  =>  t:  (Si  V  S2)  in  CPQ.  A  straightforward 
analysis  of  V  rules  out  the  use  of  axioms  other  than  x :  Si  =>  x :  Si  and  rules  other  than  (=>■  •) 
and  (=>•  c)  in  the  form  x:Si  =>  c:  A.  Therefore  t  is  a  product  of  some  proof  constants  and  the 
variable  x.  Similarly,  from  CP  h  y :  S2  -4  t:(Si  V  52)  we  conclude  that  t  is  a  product  of  some 
proof  constants  and  the  variable  y.  Therefore,  t  is  a  product  of  some  proof  constants,  and  V 
does  not  contain  axioms  of  the  sort  x:  Si  =*>  x:  Si-  That  means  that  in  the  leaf  nodes  of  V 
there  are  only  the  rules  (=>■  c)  in  the  form  x :  S\  =>•  c :  A.  Erase  x :  Si  from  the  antecedents 
of  all  sequents  in  V.  The  remaining  tree  will  be  a  derivation  of  =>  t :  (Si  V  S2)  in  CPQ.  This 
would  yield  CP  b  t:  (Si  V  S2)  and  CP  b  Si  V  S2,  which  not  true. 

The  “+”-free  fragment  of  CP  is  not  complete  with  respect  to  the  class  of  all  single¬ 
conclusion  proof  predicates.  It  can  be  made  complete  by  adding  the  functionality  principle 
from  [2].  The  completeness  of  the  resulting  system  TCP  with  respect  to  single-conclusion  proof 
systems  was  established  by  V.  Krupski  in  ([42]).  TCP  does  not  have  a  modal  counterpart. 
For  example,  TCP  derives  a  principle  -i(x :  A  A  x :  (A  4  A)) ,  which  has  the  forgetful  projection 
-'(OiA  D(A— >■  A)).  The  latter  is  false  in  any  normal  modal  logic. 


8.6  Definition.  Let  gk(F)  denote  a  translation  of  an  intuitionistic  formula  F  into  the  plain 
modal  language  that  puts  the  prefix  □  in  front  of  all  subformulas  in  F  ( Godel-Kolmogorov 
translation).  Under  mt(F)  we  understand  the  translation  that  prefixes  only  atoms  and  im¬ 
plications  in  F  ( McKinsey- Tarski  translation).  A  propositional  formula  F  is  GK-realizable 
(MT-realizable)  if  there  exists  a  normal  realization  r  such  that  gk(F)r  ( mt(F)r )  is  derivable 
in  CP. 
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8.7  Theorem.  (Realization  of  intuitionistic  logic)  For  any  Int-formula  F 

1.  Int  h  F  F  is  GK-realizable, 

2.  Int  I -  F  O-  F  is  MT-realizable 

Proof.  It  is  well-known  that 

Int  h  F  iff  S4  b  gk(F ) 

(see,  for  example,  [18]),  and 

Int  h  F  iff  Si\-  mt(F ) 

([25], [49]).  A  straightforward  combination  of  these  results  with  the  realization  of  into  CP 
(Theorem  8.2)  brings  us  the  desired  result. 

◄ 


8.8  Corollary.  (Arithmetical  completeness  of  Int.)  Int  h  F  iff  there  is  a  realization  r 
and  constant  specification  CS  such  that  gk(F)r  is  CS-valid  (mt(F)r  is  CS-valid). 

Note  that  GA-realizability  may  be  regarded  as  a  formalization  of  the  Kolmogorov  calculus 
of  problems  from  [34]  by  reading  “problem  solutions”  as  “proofs” .  This  realizability  gives  a 
plausible  formalization  of  Kolmogorov’s  calculus  of  problems  [34].  Propositional  atoms  are 
interpreted  as  atomic  problems,  namely  statements  of  the  sort  t :  S  meaning  “t  is  a  proof  of 
ST.  Intuitionistic  connectives  are  given  precise  meaning  according  to  [34]  (cf.  the  description 
of  BHK  semantics  in  section  1). 

We  conclude  this  section  with  examples  of  GK-  and  MT-realizability. 

8.9  Example.  Let  S,  T  be  propositional  letters.  Consider  the  formula 

F  =  (-iS  V  T)  — >■  (5-iT), 

obviously  provable  in  Xnt.  The  corresponding  translations  of  this  formula  to  the  modal 
language  are  (in  both  cases  the  outermost  D’s  are  suppressed  for  briefty): 

mt{F)  =  (□-.□S' V  DT)  -)•  □(□S’^-QT), 

gk(F)  =  □(□-.□£  V  DT)  □(□5->aT). 

We  will  present  one  of  the  possible  meaningful  normal  realizations  in  CP  for  each  of  mt(F) 
and  gk(F). 

The  following  is  a  derivation  in  CP  with  a  simultanious  construction  of  a  normal  realization 
of  mt(F). 
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1.  ->x:S  — >•  ( x:S-4y:T ),  by  classical  logic; 

2.  a : [-12 : S  -4  ( x:5-4y:T )],  by  necessitation  rule  4.5.  Note  that  here  a  is  a  product  of 
some  axiom  constants  with  obvious  specifications; 

3.  z:(-<x:S)  -4  ( a-z):(x:S-+y:T ),  from  2,  by  AS; 

4.  y:T  -4  (x:5-4y:T),  axiom  of  propositional  logic  AO; 

5.  b:[y:T  -4  (x  :S-4y:T)],  from  4,  by  axiom  necessitation  R2; 

6.  \y:y:T -4  (b-\y):(x:S-+y:T),  from  5,  by  AS; 

7.  y:T  -+ly:y:T,  axiom  AS; 

8.  y:T  -4  (b-ly)  :(x:S-+y:T),  from  6,7,  by  classical  logic; 

9.  (z:(px:S)Vy:T)  -4  (o-z  +  b-\y):(x:S-ty:T),  from  3,8,  by  A4. 

This  realization  of  mt(F)  says:  if  either  z  is  a  proof  of  -ix  :  S,  or  y  is  a  proof  of  T,  then 
a*z  +  b-ly  is  a  proof  of  the  implication  x :  S  -4y  :T,  where  a  and  b  are  proofs  of  the  tautologies 
->x:S  -4  (x:S— ty:T)  and  y:T  — >•  (x:S-ty:T)  respectively. 

In  the  case  of  gk(F)  the  realization  is  constructed  along  the  following  derivation  in  CP. 

1.  -1  x:S  -4  ( x:S-ty:T ),  by  classical  logic; 

2.  2:(->x:5)  — >  ->x:S,  axiom  Al; 

3.  x:(-ix:5)  -4  ( x:S-*y:T ),  from  1,2; 

4.  y:T  -4  ( x:S-¥y:T ),  axiom  of  propositional  logic  AO; 

5.  (z:  (->x:S)  Vy:T)  -4  (x:5-4y:T),  from  3,4,  by  classical  logic; 

6.  c:H,  when  H  is  from  5,  by  necessitation  rule  4.5.  Here  c  is  a  ground  proof  polynomial, 
easily  recoverable  from  the  derivation  of  5. 

7.  «: (z: (->x:5) Vy:T)  -4  (c-u):(x:S-*y:T),  from  6,  by  AS. 

This  realization  says:  if  u  is  a  proof  of  the  disjunction  z:-ix:5Vy:T,  then  c-u  is  a  proof  of 
x:5->y:T,  where  c  is  a  proof  of  (z:-ix:SVy:T)  — )■  (x:5-4y:T). 


9  Realization  of  A-calculi 

In  the  section  we  show  that  CP  provides  a  standard  provability  semantics  for  the  operator 
of  A-abstraction.  Through  a  realization  in  CP  both  modality  and  A-terms  receive  a  uniform 
provability  semantics. 

The  defined  abstraction  operator  X*x  on  proof  polynomials  below  is  a  natural  extension 
of  the  defined  A-abstraction  operator  A*x  in  combinatory  logic  (cf.[73]). 

9.1  Definition.  As  usual  (cf.[73]),  the  intuitionistic  version  1CPQ  of  CPQ  may  be  defined  as 
the  fragment  of  CPQ  consisting  of  sequents  of  the  form  T  =£•  A,  there  A  contains  at  most  one 
formula. 
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The  cut  elimination  theorem  for  XCPQ  was  established  in  [6],  [7]. 

9.2  Definition.  Under  ground  (=^!)  rule  we  mean  the  rule  (=»!)  where  the  principal  proof 
polynomial  t  contains  no  variables.  An  2£R7-derivation  V  is  pure  if  it  uses  no  rules  other  than 
(=>  *)>  (=^c),  and  ground  (=^ !).  It  is  clear  that  every  pure  derivation  is  normal  since  it  has 
no  cuts. 

Assume  that  a  calculus  of  A-terms  is  presented  as  the  sequent  calculus  of  the  format 
x\  :  A\ , . . . ,  xn  :  Bn  =>  t(x) :  B  with  the  reading  term  t(x)  has  a  type  B  provided  X{  has  type 
Bi  for  all  %  =  0,1,...,  n  (cf.  system  G2i*  from  [73]).  Under  such  formulation  a  A-term  is 
presented  as  a  sequent,  and  formation  rules  of  A-terms  become  inference  rules  in  the  given 
sequent  calculus. 

A  straightforward  observation  shows  that  some  of  the  A-terms  constructors  can  be  natu¬ 
rally  represented  as  derivation  in  XCPQ .  For  example,  the  pairing  function  introduction  rule 

T  =>  t:A  T  =>>  s:B 
T  =>  p(t,s):(AAl?) 

has  a  natural  counterpart  Z£Pt/-derivation 


T  =>  c:(A— >(B— >(AAB))  T  =>  t:A 

r  =*  (c-t):(B->{AAB))  T  =»  s:B 

T  =£►  (c  •  t  •  s) :  (AaB) 

In  fact  the  entire  A-calculus  can  be  embedded  into  XCPQ  ([6],  [7]).  The  key  element  of  this 
embedding  is  emulating  A-abstraction  in  the  combinatory  logic  style  (cf.[73j).  We  define  the 
admissible  rule  A*  on  sequents  in  XCPQ ,  which  will  represent  in  XCPQ  traditional  A-abstraction. 

9.3  Theorem.  (Definable  abstraction)  Let  V  be  a  pure  XCPQ -derivation  of  a  sequent 

p:T,x:A  =>  t(x):B 

such  that  x  does  not  occur  inp:T ,  A,  B.  Then  one  may  construct  a  proof  polynomial  \*x.t(x) 
and  a  pure  XCPQ -derivation  Vf  of  the  sequent 

p:T  A *x.t(x):(A~+B). 


Proof.  The  base  case  is  the  depth  of  V  equals  one.  There  are  two  possibilities. 
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1.  V  is  an  axiom  sequent  p:T,  x:A  t(x):B  and  t(x)  contains  an  occurrence  of  x.  Then 
t(x)  :B  =  x:  A.  Let  V  be  the  pure  derivation  of  the  sequent  =>  (a  •  b  •  c) :  (A->  A)  where 
a ,  b,  c  are  proof  constants  specified  by  the  conditions  (cf.[73],  section  1.3.6.) 

o, ([A — >■  ((A — ^  A)  — t  A)]  — ^[(A — ^  (A — ¥  A))  — ^  (A  — >■  A)]) 
b :  [A — ^  ((A — ^  A)  — ^  A)] 
c:[A— >•  (>!->•  A)]. 

Let  A*x.x  —  (a  •  b  •  c).  In  fact  this  case  coincides  with  the  presentation  of  X*xA.x  as 
sA,A-¥A,A^A,Ar*A^A,A  ;n  COmbinatory  logic  (cf.[73]). 

2.  V  is  an  axiom  sequent  p :  T,  x :  A  =>  t(x):B  and  t  does  not  contain  an  occurrence  of  x. 
Then  t:B  €  p:T  and  p:T  =>  t:B  is  again  an  axiom  sequent.  Let  V  be 

- (=>-c) 

p:T  ^b:{B^(A^B))  p:T=>t:B  .  . 

— - - - - - - - - - (=»•)• 

p:T=>  {b-t):  (A—>B) 

Let  A *x.t  =  b  -  t.  This  is  the  well  known  equality  A *xA.tB  =  \tB<AtB  of  combinatory  logic. 

The  induction  step  corresponding  to  the  ground  ( =$■ !)  rule  is  treated  similarly  to  case  2. 
Consider  the  case  (=£•  •).  Let  a  derivation  V  end  with 

p:T,x:A=»  s^V-^B)  p:r, x: A  =»> 
p :  T,  x :  A  =*►  (. s-t):B 

By  the  induction  hypothesis,  we  have  already  built  pure  derivations  of  p :  T  =>•  A *x.s :  (A 
(Y  — *B))  and  p:T  =>  \*x.t :  (A— >  Y).  From  them  we  construct  pure  derivations 


p:T  =►  c:((A-»-(Y->-J3))->-((A->Y)->-(A-»B)))  p:T  =»  \*x.s:(A->(Y->B)) 
p:T  =►  (c-A*x.«):((A->Y)->(A->£)) 

and 

p:T  =*•  (c-  A*x.s):((A-»Y)-»(A— ►  £))  p:T  =$»  A *x.t:(A-*Y) 

p:T  =>  (c-  A*x.s  •  A*x.£):(A-*JB) 

Let  A*x.(s  •  t)  =  (c  •  A*x.s  •  A*x.t).  In  combinatory  logic  notation 

\*xA.sY-*BtY  =  sA,Y,B  X*x.sX*x.t 

◄ 
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9.4  Comment.  In  XjCPQ,  A-abstraction  is  decoded  by  a  proof  polynomials  depending  on  a 
context  (e.g.  an  ICPQ- derivation).  In  this  respect  the  realization  from  9.3  of  A-abstraction  by 
proof  polynomials  is  similar  the  realization  of  (51-modality  which  is  decomposed  in  8.2  into  a 
set  of  proof  polynomials  depending  on  a  context  (an  <S4-derivation). 


9.5  Comment.  In  fact  A*  cannot  be  easily  extended  from  pure  to  more  general  derivations 
without  sacrificing  some  desired  properties.  We  need  to  keep  the  format  p:Y,  x :  A  =>•  t(x):B 
throughout  the  entire  derivation  V  in  order  to  preserve  the  inductive  character  of  the  defini¬ 
tion.  The  restriction  ax  does  not  occur  in  p:TtA,B”  is  needed  to  guarantee  the  correctness 
of  /3-conversion  (below)  for  A*-abstraction,  though  it  rules  out  (=*>!).  Note  that  the  rule  (=£•!) 
does  not  admit  abstraction  anyway.  Indeed,  in  ICPQ  we  may  derive 

x:A  =>■  x:A 
x:A  =>•  lx:x:A 

but  for  no  proof  polynomial  p  does  ICPQ  derive 

=£•  p:(A-tx:A), 


since  A— >x\A  is  not  provable  in  CP. 

The  dual  operation  to  A-abstraction  i.e.  /3- conversion 

(A  xA.tB)sA  tB[xA/sA] 

is  naturally  presented  as  the  following  transformation  of  pure  derivations  in  ICPQ: 

p:T,  x:A  =$■  t(x):B 

p:T  =»  A *st(s):(A->-ff) _ p:T  =»  s:A 

p:T  =>  (A *xt(x)  ■  s):B 


transforms  into 

p:T  =>  s:A  p:T,s:A  ^  t(s):B 

p:T  =$>  t(s):B 


The  rule  of  77- conversion 

(A xA.tB)sA  — t  if  x  is  not  free  in  t 

is  treated  in  the  same  way.  Finally,  a-conversion  corresponds  to  an  obviously  valid  rule  of 
renaming  bounded  variables  in  2£f*7-derivations  with  abstraction. 
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All  other  standard  A-term  constructors  for  Xnt  can  also  be  realized  as  admissible  rules  in 
XCPQ  (cf.[6],[7]).  This  is  a  straightforward  corollary  of  the  fact  that  Xnt  is  a  fragment  of  X CPQ 
and  of  the  lifting  lemma  adapted  for  XCPQ.  Indeed,  if  XCPQ  h  T  =>•  B,  then  by  induction  on 
the  given  proof  one  can  construct  a  proof  polynomial  p(y)  such  that  XCPQ  I -  y:T  =$>  p(y)  :B. 

Since  both  modal  logic  and  all  standard  A-term  constructors  can  be  emulated  by  proof 
polynomials,  the  Logic  of  Proofs  can  also  emulate  modal  A-calculi.  As  it  was  shown  in  [6],  [7] 
XCPQ  naturally  realizes  the  modal  A-calculus  for  XSi  ([10],  [45],  [60],  cf.  also  [15])  and  thus 
supplies  modal  A-terms  with  standard  provability  semantics.  This  result  may  be  considered  as 
a  more  general  abstract  version  of  the  well-known  Curry-Howard  isomorphism  which  relates 
terms/types  with  proofs/formulas. 

10  Discussion 

Roughly  speaking,  jCP  is  an  advanced  system  of  combinatory  logic  that  accommodates  not 
only  the  “application”  operation,  but  also  “proof  checker”  and  “choice”.  These  operations 
subsume  the  simply  typed  A-calculus  together  with  the  modal  logic  54,  and  thus  the  entire 
modal  A-calculus.  In  particular,  CP  creates  an  environment  where  modality  and  A  terms  are 
objects  of  the  same  nature,  namely  proof  polynomials.  Another  way  to  look  at  it:  modal  logic 
is  a  forgetful  projection  of  a  combinatory  logic  enriched  by  the  operations  “proof  checker” 
and  “choice”. 

There  was  a  major  difficulty  standing  in  the  way  of  presenting  modality  via  a  system 
of  terms:  such  a  presentation  should  be  self-referential  and  accommodate  types  containing 
terms  of  any  type,  including  its  own,  for  example,  x  :F(x).  The  choice  of  the  combinatory 
logic  format  for  CP  versus  the  obvious  A-term  one  in  both  Godel’s  explicit  provability  logic 
sketch  from  [26]  and  CP  in  fact  allows  a  concise  presentation  of  this  self-referentiality.  The 
corresponding  straightforward  A-term  system  requires  infinite  supply  of  new  term  constructors 
and  is  hardly  observable. 

The  realization  of  «S4  in  CP  provides  a  fresh  look  at  modal  logic  and  its  applications  in 
general.  Proof  polynomials  reveal  the  dynamic  character  of  modality.  It  raises  the  general 
question  of  finding  explicit  counterparts  to  all  major  modal  logics. 

Such  areas  as  modal  A-calculi,  polymorphic  second  order  A-calculi,  A-calculi  with  types  de¬ 
pending  on  terms,  non-deterministic  A-calculi,  etc.,  could  benefit  from  viewing  their  semantics 
as  proof  polynomials  delivered  by  CP. 

Gabbay’s  Labelled  Deductive  Systems  ([23])  may  serve  as  a  natural  framework  for  CP. 
Intuitionistic  Type  Theory  by  Martin-Lof  [46],  [47]  also  makes  use  of  the  format  t:F  with  its 
informal  provability  reading.  CP  may  also  be  regarded  as  a  basic  epistemic  logic  with  explicit 
justifications;  a  problem  of  finding  such  systems  was  raised  by  van  Benthem  in  [9]. 
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The  studies  of  the  logic  QC  of  implicit  provability  Provable(x)  ([67], [65], [12],  [13], [14], [31]) 
has  given  vast  experience  in  arithmetical  self-referential  semantics  for  modal  logics.  The 
completeness  theorem  for  CP  (Theorem  7.1)  could  not  probably  have  been  obtained  without 
the  knowledge  accumulated  in  this  area. 
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